Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

Github repository which contains a functional exploit for CVE-2021-39165

Go HTTP client with browser-identical TLS/HTTP2 fingerprinting. Bypass bot detection by perfectly mimicking Chrome, Firefox, and Safari at the cryptographic level (JA3/JA4, Akamai fingerprint, head…

☁️ ⚡ Granular, Actionable Adversary Emulation for the Cloud

Utility for downloading and mounting EBS snapshots using the EBS Direct API's

Subdomain Enumerator and Simple Crawler

rep+ — Burp-style HTTP Repeater for Chrome DevTools with built‑in AI to explain requests and suggest attacks

Open-source AI hackers to find and fix your app’s vulnerabilities.

Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!

Self-hosted bug bounty programs that are "scammy" or unethical

Latest CVEs with their Proof of Concept exploits.

BMW CarData MQTT client and bridge – Connects the BMW ConnectedDrive data stream to a local Mosquitto MQTT broker.

Chrome V8 n-day exploits that I've written.

Blazing fast GraphQL discovery & fingerprinting toolbox.

The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.

Automated tool for patching APKs to enable the use of Frida gadget by downloading the library and injecting code into the main activity.

A tool for automated analysis of APKs to identify dependencies, de-obfuscate gross code, identify interesting files and their semantics, and generate suggestions for frida hooks.

Frida hook some jni functions

Hand-crafted Frida examples

Awesome Frida - A curated list of Frida resources http://www.frida.re/ (https://github.com/frida/frida)

Personal Access Token (PAT) recon tool for bug bounty hunters, pentesters & red teams

This is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974).

SharePoint WebPart Injection Exploit Tool

The power of Claude Code / GeminiCLI / CodexCLI + [Gemini / OpenAI / OpenRouter / Azure / Grok / Ollama / Custom Model / All Of The Above] working as one.

MCP server that enables AI assistants to interact with Google Gemini CLI, leveraging Gemini's massive token window for large file analysis and codebase understanding

A powerful AWS Cognito analysis and session hijacking toolkit designed for security researchers and penetration testers. CognitoHunter specializes in dissecting AWS Cognito implementations and perf…

Proxy server to bypass Cloudflare protection