Fast, developer-friendly JS/TS dependency vulnerability scanner with local lockfile scanning, OSV matching, direct vs transitive visibility, --fix, JSON output, and practical remediation guidance.

An HTTP toolkit for security research.

A curated toolkit for Open-Source Intelligence (OSINT) investigations. This repository contains a collection of scripts, resources, and methodologies to aid in gathering and analyzing publicly avai…

Drone pentesting framework console

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

A community-driven OWASP Foundation project building open-source tools for vulnerability reporting, bug tracking, security automation & contributor engagement.

Complete Solution for VAPT/AppSec and Pentesting Guide: Web | Mobile | API | Thick Client | Source Code Review | DevSecOps | Wireless | Network Pentesting | SAST | DAST etc...

AI-powered bug bounty hunting from your terminal - recon, 20 vuln classes, autonomous hunting, and report generation. All inside Claude Code.

A curated list of penetration testing and ethical hacking tools, organized by category. This compilation includes tools from Kali Linux and other notable sources.

Vulnerability detection framework by Binarly's REsearch team

KeyLeak Detector – Scan websites for exposed API keys and secrets

KQLIntel is a browser-based tool that uses LLMs to convert threat intelligence reports into actionable Kusto Query Language (KQL) queries by extracting IOCs from URLs or raw text.

A curated list of resources for DFIR through Microsoft Defender for Endpoint leveraging kusto queries, powershell scripts, tools such as KAPE and THOR Cloud and more.

evilwaf is a penetration testing tool designed to detect and bypass common Web Application Firewalls (WAFs).

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities bef…

An LLM extension for Ghidra to enable AI assistance in RE.

MCP Server for Ghidra

Reconmap is a collaboration-first security operations platform for infosec teams and MSSPs, enabling end‑to‑end engagement management, from reconnaissance through execution and reporting. With buil…

Python tool for converting files and office documents to Markdown.

A Bash script to automate the initial configuration and security hardening of Debian and Ubuntu servers.

A user-friendly Python toolkit for open source intelligence, providing key features such as image geolocation, social media profiling, email breach checks, domain lookup, metadata extraction, Googl…

A browser-native operating system. Unix/Linux reimagined where the browser IS the kernel and Web APIs ARE syscalls. 60+ commands, bash-like shell, virtual filesystem, and IndexedDB persistence.

FULL Augment Code, Claude Code, Cluely, CodeBuddy, Comet, Cursor, Devin AI, Junie, Kiro, Leap.new, Lovable, Manus, NotionAI, Orchids.app, Perplexity, Poke, Qoder, Replit, Same.dev, Trae, Traycer AI…

A community-driven collection of BloodHound queries

Investigate malicious Windows logon by visualizing and analyzing Windows event log

A powerful and user-friendly binary analysis platform!

A complete, beginner-friendly bug bounty roadmap that takes you from zero experience to earning your first bounty.

A simple web app with a XXE vulnerability.