Local-first code intelligence graph for MCP and CLI. Builds a persistent map of your codebase so AI coding tools read only what matters, with benchmarked context reductions on reviews and large-rep…

AI-native red-team workbench for authorized penetration testing and vulnerability research, with specialist agents, sandboxed tooling, evidence records, and replayable timelines.

The openSquat is an open-source tool for detecting domain look-alikes by searching for newly registered domains that might be impersonating legit domains and brands.

ScopeSentry-Cyberspace mapping, subdomain enumeration, port scanning, sensitive information discovery, vulnerability scanning, distributed nodes

一款用于快速打点JS文件及路径扫描的单兵工具 / A single player tool for quickly scanning JS files and paths

PHP-Code-Audit-Skill是一个专注于PHP代码审计的Skill

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

A AI general-purpose state-space search engine, validated first on autonomous penetration testing.

Zap is an open, local-first terminal with first-class AI and agent support.

The most advanced free and open-source browser fingerprinting library

OpenSCA is an open source software supply chain security solution that supports the detection of open source dependencies, vulnerabilities and license compliance with a widely noticed accuracy by t…

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities bef…

Open-source AI hackers to find and fix your app’s vulnerabilities.

🕵️‍♂️ Offensive Google framework.

Official inference framework for 1-bit LLMs

Lightweight, open-source AI agent for your tools, chats, and workflows.

Undetected version of the Playwright testing and automation library.

MimiClaw: Run OpenClaw on a $5 chip. No OS(Linux). No Node.js. No Mac mini. No Raspberry Pi. No VPS. Hardware agents OS.

Mobile and Web client for Codex and Claude Code, with realtime voice, encryption and fully featured

wooyun-legacy skill for claude code

微舆：人人可用的多Agent舆情分析助手，打破信息茧房，还原舆情原貌，预测未来走向，辅助决策！从0实现，不依赖任何框架。

FastBurp 是一款专为网络安全测试和Web开发设计的浏览器扩展工具。它通过利用Chrome浏览器的原生调试API，实现了无需额外安装证书进行HTTPS流量拦截、修改和重放，并结合AI技术提供智能化的安全分析功能。

AgentCPM-GUI: An on-device GUI agent for operating Android apps, enhancing reasoning ability with reinforcement fine-tuning for efficient task execution.

deadpool代理池工具，可从hunter、quake、fofa等网络空间测绘平台取高质量socks5代理，或本地导入socks5代理，轮询使用代理进行流量转发。

网络空间资产测绘、ICP备案、天眼查股权结构图、端口扫描、指纹识别、小程序敏感信息提取。

Cobalt Strike Malleable C2 Design and Reference Guide

Certificate Transparency Log aggregation, parsing, and streaming service

一款部署于云端或本地的隧道代理池中间件，可将静态代理IP灵活运用成隧道IP，提供固定请求地址，一次部署终身使用

KQL Queries. Microsoft Defender, Microsoft Sentinel