momenbasel

AI-powered SAST scanner that finds auth bypass, IDOR, and logic bugs Semgrep/CodeQL miss. Free GitHub Action. Supports Python, JS/TS, Go, PHP, Ruby.

Stars: 13
Credibility: 100%
Found Apr 11, 2026 at 13 stars.

Language: Python

AI Summary

VulnHawk is an AI-driven tool that scans source code to detect security vulnerabilities like missing authorizations and business logic flaws that traditional pattern-matching scanners overlook.

How It Works

1. 🔍 Discover VulnHawk

An AI-driven scanner that reasons about your project's code to find security issues that pattern-matching checkers miss.

2. 📥 Install it on your machine

Install it with a single command; it is ready to use immediately.

3. Pick an LLM backend

☁️ Hosted backend: connect a cloud model account (such as Claude or OpenAI) so the scanner can analyze your code with a hosted LLM.

🏠 Private local backend: run a local model on your own machine (for example via Ollama) so code never leaves it.

4. 📁 Choose your code folder

Point the scanner at the directory containing the project files you want checked.

5. 🔍 Run the scan

The scanner compares code across files to uncover missing authorization checks and other weaknesses that single-file analysis overlooks.

6. 📋 Review the report

You get a summary with finding details, severity ratings, and step-by-step fix suggestions.

🛡️ Your code is safer

Your project's hidden security gaps are surfaced, and you can run the scan automatically on every update.

AI-Generated Review

What is vulnhawk?

VulnHawk is an AI-powered SAST scanner that analyzes Python, JS/TS, Go, PHP, and Ruby codebases with cross-file context to uncover auth bypasses, IDORs, and business logic bugs that Semgrep and CodeQL miss. Run it via the CLI (`vulnhawk scan ./src`) or the free GitHub Action, which uploads SARIF results to GitHub Code Scanning. It supports scan modes such as auth or injection, can chain with other tools' SARIF output, and works with LLM backends ranging from Ollama (local) to Claude and OpenAI.

Why is it gaining traction?

Unlike rule-based scanners, it reasons over inconsistencies, such as one endpoint skipping an auth check that sibling endpoints enforce, and uses the LLM to produce context-aware fixes and confidence scores. Zero-config setup, free usage through existing subscription CLIs, and straightforward GitHub Action integration make it a quick additional layer for CI without writing custom rules. Developers adopt it to spot real exploitable flaws in complex apps where pattern matching falls short.

Who should use this?

Backend teams building APIs in Python/Flask, JS/Express, or PHP/Laravel, hunting auth gaps and IDORs in PRs. Security engineers stacking it after Semgrep for logic flaws in Go microservices or Ruby/Rails apps. Any dev with LLM access wanting automated business-logic audits without writing queries.

Verdict

Try it as a lightweight Semgrep complement—excellent docs and GitHub Action despite 13 stars and 1.0% credibility score signaling early maturity. Stable for small-to-mid repos if you tolerate occasional LLM quirks; monitor for production scale.
