An agentic skills framework & software development methodology that works.

Automatically downloads, installs, and deploys genuine Windows and Office with one click. This tool is completely free, ad-free, green, non-toxic, simple, efficient and safe.

claude-red is a curated library of offensive security skills designed for the Claude skills system. Each skill is a structured SKILL.md file that primes Claude with expert-level methodology for a s…

Vigolium - High-fidelity vulnerability scanner fusing agentic AI with native speed, modularity, and precision

12 Lessons to Get Started Building AI Agents

Python SDK, Proxy Server (AI Gateway) to call 100+ LLM APIs in OpenAI (or native) format, with cost tracking, guardrails, loadbalancing and logging. [Bedrock, Azure, OpenAI, VertexAI, Cohere, Anthr…

Bug bounty agent framework for Claude Code, Codex, Gemini, Cursor, Windsurf, Copilot, and OpenClaw — 48 agents, 26 commands, 19 CLI tools, 2 MCP servers, autonomous hunt loops, exploit chain builder.

Local AI coding agent powered by Qwen3.5-27B-Claude-4.6-Opus-Reasoning-Distilled. Like Claude Code, but runs entirely on your GPU.

Claude Code skill to support Android app's reverse engineering

754 structured cybersecurity skills for AI agents · Mapped to 5 frameworks: MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND & NIST AI RMF · agentskills.io standard · Works with Claude Code, GitHub …

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities bef…

Impacket is a collection of Python classes for working with network protocols.

The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.

「🔑」A tool used to hunt down API key leaks in JS files and pages

scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

Find secrets with Gitleaks 🔑

Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥

Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wis…

A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.

secator - the pentester's swiss knife

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …

In-depth attack surface mapping and asset discovery

Bug Bounty Methodology 2025: Tools, techniques, and steps to guide you through reconnaissance, enumeration, and testing.

A fast WordPress plugin enumeration tool

Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE)

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

Subdomain and target enumeration tool built for offensive security testing

Firebase Misconfiguration Detection Toolkit - To be presented at Blackhat EU Arsenal