HawkAuth helps you configure authenticated scans with StackHawk’s HawkScan quickly and correctly.
Whether you’re working with form-based login, OAuth, token injection, or something more complex, HawkAuth ensures you’re covered—without the guesswork.

Open HawkAuth in ChatGPT



HawkAuth is available through ChatGPT to guide you step-by-step.


What HawkAuth Does

HawkAuth guides you through setting up authentication in your stackhawk.yml so HawkScan can test authenticated routes in your app.

You’ll get help with:

  • Creating valid stackhawk.yml authentication blocks
  • Handling login flows (form, OAuth, SSO, scripts, etc.)
  • Injecting cookies or tokens correctly
  • Ensuring scans can access protected paths like /dashboard

What to Provide

To get effective help from HawkAuth, you’ll need to share:

  • Your actual or sample stackhawk.yml (and let us know which it is!)
  • How your app authenticates (form, OAuth, etc.)
  • How sessions are kept alive (cookie or token)
  • A protected path HawkScan can use to verify login (e.g., /dashboard)

What HawkAuth Checks

HawkAuth will check for:

  • YAML structure and required keys
  • AuthN (login flow) and AuthZ (session tracking)
  • Required fields: testPath, loggedInIndicator, and loggedOutIndicator
  • Placeholder detection and secure handling guidance
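
A local pre-check for the fields listed above, as an added example that is not StackHawk's or HawkAuth's own code: it reports which of testPath, loggedInIndicator and loggedOutIndicator are absent and flags placeholder or literal secret values before the file is shared. The sample config, every key name other than those three fields, and the ${VAR} reference form are assumptions; confirm the real layout at docs.stackhawk.com.

```python
import re

# Fields the page lists as required; all other key names here are assumptions.
REQUIRED = ("testPath", "loggedInIndicator", "loggedOutIndicator")
SECRET_KEY = re.compile(r"(password|secret|token|api[_-]?key)$", re.I)
ENV_REF = re.compile(r"^\$\{\w+(:[^}]*)?\}$")  # ${VAR} or ${VAR:default}
PLACEHOLDER = re.compile(r"^(<[^>]*>|changeme|todo|x{3,})$", re.I)
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z_][\w-]*)\s*:\s*(.*)$")

# Constructed sample config (hypothetical layout and values, not from the page).
SAMPLE = """\
app:
  applicationId: ${APP_ID}
  host: ${APP_HOST:http://localhost:8080}
  authentication:
    loggedInIndicator: "Sign Out"
    loggedOutIndicator: "<TODO>"
    usernamePassword:
      scanUsername: scanner
      scanPassword: hunter2-literal
"""


def precheck(yaml_text):
    """Line-based review of a stackhawk.yml before it is shared or scanned."""
    seen, findings = set(), []
    for lineno, raw in enumerate(yaml_text.splitlines(), 1):
        if raw.lstrip().startswith("#"):
            continue
        match = KEY_VALUE.match(raw)
        if not match:
            continue
        key = match.group(1)
        value = match.group(2).strip().strip("'\"")
        if key in REQUIRED:
            seen.add(key)  # presence anywhere in the file counts; nesting is not checked
            # testPath is assumed to be a nested mapping, so only indicators carry a value.
            if key != "testPath" and (not value or PLACEHOLDER.match(value)):
                findings.append((lineno, key, "placeholder"))
        elif SECRET_KEY.search(key) and value and not ENV_REF.match(value):
            issue = "placeholder" if PLACEHOLDER.match(value) else "literal-secret"
            findings.append((lineno, key, issue))
    missing = [k for k in REQUIRED if k not in seen]
    return {"missing": missing, "findings": findings}


if __name__ == "__main__":
    print(precheck(SAMPLE))
```

A "literal-secret" finding means the value should be replaced with an environment reference or redacted before the config is pasted anywhere outside your environment.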

What HawkAuth Won’t Do

  • Make assumptions not backed by official StackHawk documentation
  • Approve configs that are incomplete or broken
  • Skip login verification — testPath is required

Disclaimer

HawkAuth is a tool developed and maintained by StackHawk, built using OpenAI’s GPT-4 platform.
While it leverages OpenAI’s infrastructure, it is not created or officially supported by OpenAI.

Use requires a GPT-4-enabled OpenAI account (ChatGPT Plus may be required).

HawkAuth follows StackHawk’s documentation, but you should always verify key setup at docs.stackhawk.com.

Do not share credentials or sensitive URLs unless reviewed by your security team.


Important Notice Regarding HawkAuth

HawkAuth, a tool developed and maintained by StackHawk, utilizes OpenAI’s GPT-4 platform. Please be aware:

  • OpenAI Account Requirement: A GPT-4-enabled OpenAI account is necessary for use (ChatGPT Plus may be required).
  • Documentation Verification: Always verify critical setup steps at docs.stackhawk.com.
  • Data Sharing: Inputs may be used to enhance OpenAI models unless your organization has data sharing disabled under a Business or Enterprise agreement.
  • Security Precaution: Do not share credentials or sensitive URLs without prior review and approval from your security team.

Feedback Welcome

We want HawkAuth to be your go-to for authenticated scan setup.

Have a feature request or suggestion?
Let us know — your feedback helps make HawkAuth better for everyone.