Stars
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
A kernel-assisted shared-library injector for Android. Loads any .so into a target process without ptrace, in-process dlopen, or visible traces in /proc/<pid>/maps. GKI 2.0 (Android 12-16).
Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision
Llama Server Studio is a single-binary Go web application that helps users manage llama.cpp's llama-server without manually dealing with hundreds of command-line flags. The app provides a guided UI…
Automating situational awareness for cloud penetration tests.
a lightweight, single-binary webapp that lets you leave your AI agents running 24/7. You can check in on their progress, review their work, and prompt them for the next features from anywhere. It b…
Stealth Chromium that passes every bot detection test. Drop-in Playwright replacement with source-level fingerprint patches. 30/30 tests passed.
A curated toolkit for Open-Source Intelligence (OSINT) investigations. This repository contains a collection of scripts, resources, and methodologies to aid in gathering and analyzing publicly avai…
AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.
The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.
Tools that can be useful for OSEP exam and PEN300 studies.
Claude Code skill to support Android app's reverse engineering
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
A demonstration of how to use BuildKit to build anything you want.
AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more
A Burp Suite extension for GraphQL security testing.
eBPF-based egress audit tool for CI environments. Captures outbound network connections with executable paths and DNS hostnames.
Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…
Search for all leaked keys/secrets using one regex! bugbounty
Android kernel exploit for CVE-2025-38352, previously exploited in-the-wild. Targets vulnerable x86_64 Linux kernels v5.10.x.
Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by-step penetration testing workflows w…
Collection of scripts and tools used during bug bounty work. This will be the location of my automation scripts created for my own personal use, and occassionally public released
A powerful tool for automated LLM fuzzing. It is designed to help developers and security researchers identify and mitigate potential jailbreaks in their LLM APIs.
📱 Display and control your Android device graphically with scrcpy.