Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

Experimental MCP local server for bug hunters to speed up exploits searches

MCP Server for Ghidra

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …

Explanation and full RCE PoC for CVE-2025-55182

High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)

RetDec is a retargetable machine-code decompiler based on LLVM.

Test your prompts, agents, and RAGs. AI Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with co…

This is a "skill" for claude to use FFUF.

Prompt Injection Primer for Engineers

A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage tracker.

Chrome extension for automating CSPT discovery

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.

Automatically exported from code.google.com/p/domxsswiki

A secure low code honeypot framework, leveraging AI for System Virtualization.

ProjectDiscovery's Open Source Tool Manager

GraphSpecter is a tool to audit GraphQL API

A comprehensive collection of Lambda functions for strengthening AWS account security through automated detection, notification, and remediation.

Automated All-in-One OS Command Injection Exploitation Tool.

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

Obtain GraphQL API schema even if the introspection is disabled

Use LLMs to rank anything.

proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…

Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflo…

For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine.

The ARP Scanner

Jupyter notebooks for the code samples of the book "Deep Learning with Python"

Deep Learning for humans

A Crypto analisys tool