GitHub - Tzohar/PassLLM: World's most accurate password guessing AI tool. A PyTorch implementation of PassLLM (USENIX 2025) that leverages PII and LoRA fine-tuning to outperform existing tools by over 45% on consumer hardware.
GitHub - samugit83/redamon: An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
GitHub - SeanHeelan/anamnesis-release: Automatic Exploit Generation with LLMs
GitHub - SimoneAvogadro/android-reverse-engineering-skill: Claude Code skill to support Android app's reverse engineering [app] [rev]
vxcontrol/pentagi: ✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks
six2dez/burp-ai-agent: Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
ucsb-mlsec/VulnLLM-R
GitHub - affaan-m/everything-claude-code: Complete Claude Code configuration collection - agents, skills, hooks, commands, rules, MCPs. Battle-tested configs from an Anthropic hackathon winner. [app] [sys]
hoodoer/ColonelClustered: A Java Burp Plugin that performs text clustering on responses to identify outliers/groups based on the actual content of the server responses, say from an Intruder run.
Hackmanit/Web-Cache-Vulnerability-Scanner: Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
DeepAudit/README_EN.md at v3.0.0 · lintsinghua/DeepAudit
assetnote/surf: Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
trailofbits/skills: Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
GitHub - 0xless/slip: Slip is a CLI tool to create malicious archive files containing path traversal payloads. It supports zip, tar, 7z and zip-like (jar, war, apk, ipa, ...) archives
Gixy-Next: NGINX Configuration Security & Hardening Scanner
repplus/rep-chrome: rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks
danieldev23/trafexia: Trafexia - Mobile Traffic Interceptor
KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
GitHub - six2dez/reconftw: reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
GitHub - gadievron/raptor: Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we configure the agent for adversarial thinking, and perform research or attack/defense operations.
GitHub - arm/metis: Metis is an open-source, AI-driven tool for deep security code review
GitHub - 0rShemesh/jadx-magic-strings: JADX plugin that extracts method names, class references, and source file paths from string constants found in DEX files and decompiled Android code.
GitHub - irsdl/auraditor: A Burp Suite extension for Lightning/Aura framework security testing with advanced action management, context editing, and comprehensive audit capabilities. [app]
westonbrown/Cyber-AutoAgent: AI agent for autonomous cyber operations
anthropics/claude-code-security-review: An AI-powered security review GitHub Action using Claude to analyze code changes for security vulnerabilities.
LLM Code Review vs Deterministic SAST Security Tools
GitHub - ofkm/arcane: Modern Docker Management, Designed for Everyone
GitHub - pandaadir05/re-architect
GitHub - ImAyrix/fallparams: Find All Parameters - Tool to crawl pages, find potential parameters and generate a custom target parameter wordlist
owasp-noir/noir: Attack surface detector that identifies endpoints by static analysis