GitHub - atredispartners/llmchainhunter: Leveraging LLM to generate Java deserialization chains · GitHub
GitHub - xalgord/xalgorix: Xalgorix - The Most Powerful Open-Source AI Pentesting Agent · GitHub
GitHub - amruth-sn/kong: The world's first agentic reverse engineer. · GitHub
BishopFox/raink: Use LLMs for document ranking
SySS-Research/diffalayze: LLM-based automated patch diffing
GitHub - vichhka-git/universal-flutter-ssl-pinning: Automated SSL pinning bypass for any Flutter & Shorebird version — PyGhidra static analysis auto-discovers BoringSSL and generates ready-to-run Frida & Renef scripts · GitHub
GitHub - dievus/ADPulse: Active Directory Vulnerability Scanner · GitHub
GitHub - gadievron/exploitation-validator: A prompt-based pipeline for finding, validating, and proving vulnerabilities using LLM sub-agents.
GitHub - dinosn/ghleaks: Search for github leaks by combining gitleaks and git-hound capabilities with rate control and exhaustive search.
SECFORCE/droidground: A flexible playground for Android CTF challenges.
GitHub - Tzohar/PassLLM: World's most accurate password guessing AI tool. A PyTorch implementation of PassLLM (USENIX 2025) that leverages PII and LoRA fine-tuning to outperform existing tools by over 45% on consumer hardware.
GitHub - samugit83/redamon: An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs
GitHub - SimoneAvogadro/android-reverse-engineering-skill: Claude Code skill to support Android app's reverse engineering [app] [rev]
vxcontrol/pentagi: ✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks
six2dez/burp-ai-agent: Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
ucsb-mlsec/VulnLLM-R
GitHub - affaan-m/everything-claude-code: Complete Claude Code configuration collection - agents, skills, hooks, commands, rules, MCPs. Battle-tested configs from an Anthropic hackathon winner. [app] [sys]
hoodoer/ColonelClustered: A Java Burp Plugin that performs text clustering on responses to identify outliers/groups based on the actual content of the server responses, say from an Intruder run.
Hackmanit/Web-Cache-Vulnerability-Scanner: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
DeepAudit/README_EN.md at v3.0.0 · lintsinghua/DeepAudit
assetnote/surf: Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
trailofbits/skills: Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
GitHub - 0xless/slip: Slip is a CLI tool to create malicious archive files containing path traversal payloads. It supports zip, tar, 7z and zip-like (jar, war, apk, ipa, ...) archives
Gixy-Next: NGINX Configuration Security & Hardening Scanner
repplus/rep-chrome: rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
danieldev23/trafexia: Trafexia - Mobile Traffic Interceptor
KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
GitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
GitHub - gadievron/raptor: Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.