Lists (32)
403
Active Directory
AI-PENTEST
Android
Auto_VulnScanner
golangBugbounty_Automate
Burp Suite
C2
chatgpt
Cobalt Strike
DirScan
docker-cloud
EDR Bypass
file_upload
Flutter_Pinning
🔮 Future ideas
IDOR
IOS Pentest
JS-Bugbounty
Network-Pentest
OSEP
Red_Team
Report_Pentest
SAST
sec_checklist
SECURITY DOCUMENT
SQL
subdomain
VulnScan(Burp/ZAP/Jenkins)
windows privilege escalation
Wordlist_Fuzz
XSS
Stars
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP…
Codex skill for safe codebase complexity analysis and performance optimization reports
Autonomous Hacking Agent for Red Team
Hefaistos is a powerful Burp Suite extension designed for hackers
A tool for detecting subdomain takeover vulnerabilities by checking DNS records
A Burp Extension to test Authorization and Broken Access Control!
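A red team mode built around the red-team attack mindset (make your Codex think like a red team!). It can be used within a single conversation (currently only 5.4 is supported; 5.5 requires passing cyber verification; you can adapt it to other AIs yourself).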
Autonomous Bug Bounty Hunting Framework powered by Claude Code. 20 AI agents, state-machine orchestration, Burp Suite MCP, credential vault, LLM security track. Type 'hunt target.com' and let AI fi…
Light, fluffy, and always free - The AWS Local Emulator alternative
OpenAnt from Knostic is the leading open source LLM-based vulnerability discovery product, helping defenders proactively find verified security flaws while minimizing both false positives and false…
ChYing (承影): may you find your own edge between light and shadow. An open-source, BurpSuite-like application.
An open-source long-horizon SuperAgent harness that researches, codes, and creates. With the help of sandboxes, memories, tools, skill, subagents and message gateway, it handles different levels of…
r3ngine is the rebirth of the automated reconnaissance framework for web applications with a focus on dynamic streamlined recon process, backed by a database, & simple yet intuitive User Interface.…
A desktop home for your CLI agent. Wraps claude / copilot / codex / aider in a clean Electron window with PTY, MCP, drag-drop context, sessions, voice, and a live status panel. PAI reasoning bundled.
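Hephaestus (the god of fire) is a security tool reworked from the original client into a web application, with better features and a better-looking interface. We hope it brings you a new experience.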
Mach is a fast, reliable, and extensible web fuzzing tool built for security researchers, bug bounty hunters, and penetration testers. Designed with performance and simplicity in mind, it helps unc…
A curated list of awesome OpenAI Codex plugins, skills, and resources. The #1 Codex Marketplace. See live plugins at: https://hol.org/registry/plugins
High-performance subdomain prober written in Rust. Like httpx, but faster.
Pentesting skill for Android
Free Active Directory pentesting tool and Linux CLI for AD enumeration, BloodHound, Kerberoasting, ADCS, DCSync, and attack paths.
Passive source code Vulnerability Scanner that flags 76+ security vulnerabilities and weak coding practices in JS, HTML, and JSON responses — with linter-style output, CWE references, and fix guida…
Pentest Coverage Tracker is a Burp Suite extension that helps penetration testers monitor testing coverage in real time. It logs discovered endpoints and tracks whether their parameters are actuall…
Pentest Payload Quick Reference platform | XSS/SQLi/SSRF/RCE | React+TypeScript
HowToLogin is a tool that tests web application login pages for login page vulnerabilities and implementations.