Stars
A growing collection of MCP servers bringing offensive security tools to AI assistants. Nmap, Ghidra, Nuclei, SQLMap, Hashcat and more.
HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
Experimental MCP local server for bug hunters to speed up exploits searches
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …
Explanation and full RCE PoC for CVE-2025-55182
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
RetDec is a retargetable machine-code decompiler based on LLVM.
Test your prompts, agents, and RAGs. AI Red teaming, pentesting, and vulnerability scanning for LLMs. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with co…
This is a "skill" for claude to use FFUF.
A fancier postMessage tracker with Chrome Manifest version V3 support and a few additional features, inspired by Frans Rosens postmessage tracker.
Chrome extension for automating CSPT discovery
🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
Automatically exported from code.google.com/p/domxsswiki
A secure low code honeypot framework, leveraging AI for System Virtualization.
A comprehensive collection of Lambda functions for strengthening AWS account security through automated detection, notification, and remediation.
Automated All-in-One OS Command Injection Exploitation Tool
Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.
Obtain GraphQL API schema even if the introspection is disabled
proxychains - a tool that forces any TCP connection made by any given application to follow through proxy like TOR or any other SOCKS4, SOCKS5 or HTTP(S) proxy. Supported auth-types: "user/pass" fo…
Claude Code is an agentic coding tool that lives in your terminal, understands your codebase, and helps you code faster by executing routine tasks, explaining complex code, and handling git workflo…
For developers, who are building real-time data-driven applications, Redis is the preferred, fastest, and most feature-rich cache, data structure server, and document and vector query engine.
Jupyter notebooks for the code samples of the book "Deep Learning with Python"