vulhunt-re

vulhunt-re / vulhunt

Public

Vulnerability detection framework by Binarly's REsearch team

vulhunt.re binary-analysis reverse-engineering vulnerability-research
88
9
69% credibility
Found Mar 08, 2026 at 88 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
C++
AI Summary

VulHunt Community Edition is a free open-source scanner that detects vulnerabilities in binaries and UEFI firmware using customizable rules.

How It Works

1
🔍 Discover VulHunt

You hear about a free tool that checks computer firmware and programs for hidden security risks.

2
📥 Get the scanner

Download the scanner app and set it up on your computer with a few simple steps.

3
📚 Add safety guides

Grab the helpful data packs that teach the scanner what dangers to look for.

4
📁 Pick your files

Choose the firmware or program files you want to check for problems.

5
🚀 Start the check

Hit scan and watch as it carefully examines your files for weaknesses.

6
📊 Review findings

See a clear report listing any risks found, with details on what's wrong.

Stay protected

Know your firmware is safe or fix issues easily, keeping your computer secure.

Sign up to see the full architecture

5 more

Sign Up Free

Star Growth

See how this repo grew from 88 to 88 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is vulhunt?

Vulhunt scans binaries, UEFI firmware, and BA2 archives for known vulnerabilities using a rule-based detection system built on a binary analysis framework. Developers run CLI commands like `vulhunt-ce scan lib.so -o results.json` to get JSON outputs of issues, with options for pretty prints, streaming JSONL, or Binary Ninja DB integration. It's Rust-powered, handling ELF/PE/TE formats, and offers an MCP server for plugging into AI tools for vulnerability detection and monitoring using LLMs.

Why is it gaining traction?

It excels at github vulnerability scan on firmware blobs where tools like wazuh falter—vulnerability detection not working or seeming disabled gets fixed with custom rules and BA2 unpacking. The MCP server hooks into github vulnerability copilot workflows, enabling LLM-driven vuln lookup in popular languages' binaries. BTP integration adds cloud-scale github vulnerability management without vendor lock-in.

Who should use this?

Firmware engineers triaging UEFI vulns in vendor images, reverse engineers doing vulnerability check github on stripped binaries, and secops teams building a vulnerability detection agent beyond SCA tools. Ideal for those fixing "vulnerability detection seems to be disabled or has a problem wazuh" by scripting rule packs.

Verdict

Grab it for targeted binary vuln hunting—CLI and MCP deliver real value fast. At 88 stars and 0.699999988079071% credibility, it's immature with build-heavy docs and sparse tests; prototype now, but watch for community rules to mature. (187 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.