AI-powered offensive security agent with 7,300+ actionable security skills. Autonomous pentesting powered by MITRE ATT&CK (2,000+ Atomic tests), CIS Benchmarks (1,500+ controls), OWASP, NIST. Lazy-…

A Python package is used to execute Atomic Red Team tests (Atomics) across multiple operating system environments.

GEF (GDB Enhanced Features) - a modern experience for GDB with advanced debugging capabilities for exploit devs & reverse engineers on Linux

A fast WordPress plugin enumeration tool

Automatic SSTI detection tool with interactive interface

Most advanced XSS scanner.

Fluxion is a remake of linset by vk496 with enhanced functionality.

Pentest Copilot is an AI-powered browser based ethical hacking assistant tool designed to streamline pentesting workflows.

Custom skins (visual themes) for the Hermes CLI agent

Offensive security toolkit for Claude Code covering red team, exploit dev, AD attacks, EDR bypass, mobile pentest

A companion tool that uses ADeleg to find insecure trustee and resource delegations in Active Directory

Active Directory delegation management tool

Another BYOVD process killer. works on all EDR's. fully signed.

Generalized Wi-Fi Client Isolation Bypasses

exploit for CVE-2026-42945

Downgrade attack for CVE-2025-48804

Double-free in Apache httpd mod_http2 stream cleanup leading to pre-auth RCE.

EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.

Store sensitive files in the cloud, or on shared media without trusting the host. LUKSbox is a Rust-based encrypted-container tool with passphrase, FIDO2 (YubiKey, Titan, Nitrokey, Windows Hello), …

Fortinet FortiClientEMS improper access control

CVE-2026-41651 — PackageKit TOCTOU LPE

Offset Independent Credential Extraction Tool

CVE-2026-42779: Apache MINA AbstractIoBuffer.resolveClass() deserialization filter bypass to RCE (CVSS 9.8)

Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning — supports bug bounty, continuous monitor…

CVE-2026-41940 — cPanel & WHM Authentication Bypass via Session-File CRLF Injection

Copy Fail (CVE-2026-31431): 9-year-old Linux kernel LPE found by Theori's Xint Code

Autonomous Hacking Agent for Red Team

Find zero-days while you sleep. DeepZero is an automated vulnerability research framework that parses, decompiles, and analyzes thousands of Windows kernel drivers for exploitable IOCTLs natively u…