assetnote/surf: Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
DeepAudit/README_EN.md at v3.0.0 · lintsinghua/DeepAudit
Hackmanit/Web-Cache-Vulnerability-Scanner: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
hoodoer/ColonelClustered: A Java Burp Plugin that performs text clustering on responses to identify outliers/groups based on the actual content of the server responses, say from an Intruder run.
GitHub - affaan-m/everything-claude-code: Complete Claude Code configuration collection - agents, skills, hooks, commands, rules, MCPs. Battle-tested configs from an Anthropic hackathon winner. [app] [sys]
ucsb-mlsec/VulnLLM-R
six2dez/burp-ai-agent: Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
GitHub - SimoneAvogadro/android-reverse-engineering-skill: Claude Code skill to support Android app's reverse engineering [app] [rev]
GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs
GitHub - samugit83/redamon: An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
GitHub - Tzohar/PassLLM: World's most accurate password guessing AI tool. A PyTorch implementation of PassLLM (USENIX 2025) that leverages PII and LoRA fine-tuning to outperform existing tools by over 45% on consumer hardware.
GitHub - dinosn/ghleaks: Search for github leaks by combining gitleaks and git-hound capabilities with rate control and exhaustive search.
GitHub - gadievron/exploitation-validator: A prompt-based pipeline for finding, validating, and proving vulnerabilities using LLM sub-agents.
GitHub - dievus/ADPulse: Active Directory Vulnerability Scanner · GitHub
GitHub - vichhka-git/universal-flutter-ssl-pinning: Automated SSL pinning bypass for any Flutter & Shorebird version — PyGhidra static analysis auto-discovers BoringSSL and generates ready-to-run Frida & Renef scripts · GitHub
SySS-Research/diffalayze: LLM-based automated patch diffing
BishopFox/raink: Use LLMs for document ranking
GitHub - amruth-sn/kong: The world's first agentic reverse engineer. · GitHub
GitHub - xalgord/xalgorix: Xalgorix - The Most Powerful Open-Source AI Pentesting Agent · GitHub
GitHub - atredispartners/llmchainhunter: Leveraging LLM to generate Java deserialization chains · GitHub
GitHub - shuvonsec/claude-bug-bounty: Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation · GitHub
GitHub - gh0stkey/Web-Fuzzing-Box: Web Fuzzing Box - Web 模糊测试字典与一些Payloads · GitHub
noperator/siftrank: Use LLMs to rank anything
Slice: SAST + LLM Interprocedural Context Extractor
GitHub - gadievron/raptor: Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.
Unleashing the Hound: How AI Agents Find Deep Logic Bugs in Any Codebase
GitHub - arm/metis: Metis is an open-source, AI-driven tool for deep security code review
LLM Code Review vs Deterministic SAST Security Tools
anthropics/claude-code: Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflows - all through natural language commands.