Exploitation paths allowing you to (mis)use the Windows Privileges to elevate your rights within the OS.

Use your OpenCode Go subscription with Claude Code.

Penelope Shell Handler

Skills for Real Engineers. Straight from my .claude directory.

Blazing fast, advanced Padding Oracle exploit

Cybersecurity AI (CAI), the framework for AI Security

Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command li…

This tool extracts Credit card numbers, NTLM(DCE-RPC, HTTP, SQL, LDAP, etc), Kerberos (AS-REQ Pre-Auth etype 23), HTTP Basic, SNMP, POP, SMTP, FTP, IMAP, etc from a pcap file or from a live interface.

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

Cmd.exe Command Obfuscation Generator & Detection Test Harness

Shellcode IDE

An LLM extension for Ghidra to enable AI assistance in RE.

Obtain GraphQL API schema even if the introspection is disabled

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Tools for ESP32 firmware dissection

Open-source AI hackers to find and fix your app’s vulnerabilities.

Firepwn is a tool made for testing the Security Rules of a firebase application.

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

HTTP/2 Last Frame Synchronization (also known as Single Packet Attack) low Level Library / Tool based on Scapy‌ + Exploit Timing Attacks

A tool for exploring each layer in a docker image

A CI/CD Red Team Framework for demonstrating Build Pipeline security risks.

This is the development tree. Production downloads are at:

A CTF Instancer to deploy challenges using Ansible. Integrated with the Zync CTFd plugin.

Vulnerability detection framework by Binarly's REsearch team

this is everything

A curated list of awesome symbolic execution resources including essential research papers, lectures, videos, and tools.

Security-oriented Go toolchain, focused on state-of-the-art fuzzing capabilities.