cloudflare/cloudflared: Cloudflare Tunnel client
trailofbits/trailmark: Build and query a graph database representation of source code
Hashcracky Resources
NVIDIA/SkillSpector: Security scanner for AI agent skills. Detect vulnerabilities, malicious patterns, and security risks.
GitHub - Andyyyy64/whichllm: Find the local LLM that actually runs and performs best on your hardware. Ranked by real, recency-aware benchmarks, not parameter count. One command, run it instantly.
trailofbits/trailmark: Build and query a graph database representation of source code
ZeroPrime9/WordListeXplorer: A local wordlist intelligence and workflow management tool for offensive security & Bug Bounty workflows.
zakirullin/files.md: 🌱 Private, quiet space for thinking. A simple app for your .md files.
httpbin.org
PayloadBox
GitHub - salesforce/url-content-auditor: Audit content (pdfs, media files, images) sensitivity on urls
GitHub - SunWeb3Sec/llm-sast-scanner: A SAST skill that gives AI coding agents structured vulnerability detection across 34 vulnerability classes.
GitHub - ChiChou/grapefruit: Open-source mobile security testing suite for iOS and Android. Previously Passionfruit · GitHub
GitHub - 0x4m4/hexstrike-ai: HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities. [app] [sys]
GitHub - jumpycastle/rre-burp: Burp extension for Recursive Request Exploits (RRE) — DEFCON 2025 [app] [exp]
GitHub - RedSiege/Chromatophore: Utilities for obfuscating shellcode [exp]
GitHub - jonaslejon/malicious-pdf: 💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh
owasp-noir/noir: Attack surface detector that identifies endpoints by static analysis
GitHub - ImAyrix/fallparams: Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
GitHub - pandaadir05/re-architect
GitHub - ofkm/arcane: Modern Docker Management, Designed for Everyone
anthropics/claude-code-security-review: An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.
GitHub - irsdl/auraditor: A Burp Suite extension for Lightning/Aura framework security testing with advanced action management, context editing, and comprehensive audit capabilities. [app]
GitHub - 0rShemesh/jadx-magic-strings: JADX plugin that extracts method names, class references, and source file paths from string constants found in DEX files and decompiled Android code.
GitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
danieldev23/trafexia: Trafexia - Mobile Traffic Interceptor
repplus/rep-chrome: rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
Gixy-Next: NGINX Configuration Security & Hardening Scanner
GitHub - 0xless/slip: Slip is a CLI tool to create malicious archive files containing path traversal payloads. It supports zip, tar, 7z and zip-like (jar, war, apk, ipa, ...) archives
trailofbits/skills: Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows