Add VulnHawk to Vulnerability Scanners #93
Open
momenbasel wants to merge 2 commits into vavkamil:main from
AI-powered code security scanner that detects business logic vulnerabilities (missing auth checks, IDOR, logic bugs) that traditional SAST tools like Semgrep and CodeQL miss. Supports Python, JS/TS, and Go with CLI and GitHub Action.
keyFinder is a Chrome extension (MIT, 556 stars) that passively scans every page for leaked API keys, tokens, and secrets using 80+ detection patterns and Shannon entropy across 10 attack surfaces. Zero deps, Manifest V3. https://github.com/momenbasel/keyFinder
Pull request overview
Updates the README’s security tooling lists to include additional scanners/extensions, expanding the catalog of vulnerability and secret-detection tools.
Changes:
- Add keyFinder to the Secrets section.
- Add VulnHawk to the Vulnerability Scanners section.
Comment on lines 452 to 456
| - [SecretFinder](https://github.com/m4ll0k/SecretFinder) - A python script for finding sensitive data (apikeys, accesstoken,jwt,..) and search anything on javascript files. | ||
| - [js-snitch](https://github.com/vavkamil/js-snitch) - Scans remote JavaScript files with Trufflehog + Semgrep to detect leaked secrets. | ||
| - [keyhacks](https://github.com/streaak/keyhacks) - KeyHacks shows methods to validate different API keys found on a Bug Bounty Program or a pentest. | ||
| - [keyFinder](https://github.com/momenbasel/keyFinder) - A Chrome extension that passively scans web pages for API keys, tokens, and secrets using 80+ regex patterns and Shannon entropy analysis across 10 attack surfaces. | ||
|
|
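Review bot: The keyFinder entry, the last row of this hunk, carries figures ("80+ regex patterns", "10 attack surfaces") that the neighbouring entries avoid and that will go stale as the extension changes. Consider trimming it to match the list style, for example "A Chrome extension that passively scans web pages for API keys, tokens, and secrets using regex patterns and Shannon entropy analysis."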
The PR title/description says this change adds VulnHawk, but this diff also adds keyFinder to the Secrets section. Please either update the PR description/title to reflect both additions, or move the keyFinder entry into a separate PR to keep scope and review intent aligned.