Automated Penetration Testing Agentic Framework Powered by Large Language Models

Open-source AI hackers to find and fix your app’s vulnerabilities.

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a ski…

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Gather and update all available and newest CVEs with their PoC.

A byte code analyzer for finding deserialization gadget chains in Java applications

一款用于网页敏感信息检测，指纹识别的chrome插件

记录一下 Java 安全学习历程，也算是半条学习路线了

A CAT called tabby ( Code Analysis Tool )

CodeQLpy是一款基于CodeQL实现的半自动化代码审计工具，目前仅支持java语言。实现从源码反编译，数据库生成，脆弱性发现的全过程，可以辅助代码审计人员快速定位源码可能存在的漏洞。

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security

一款综合性网络安全检测和运维工具，旨在快速资产发现、识别、检测，构建基础资产信息库，协助甲方安全团队或者安全运维人员有效侦察和检索资产，发现存在的薄弱点和攻击面。

Fenrir 是一个基于 MCP 协议与 AST 技术的代码审计工具，旨在解决安全研究与自动化代码审计领域中，面对大规模、结构复杂甚至反编译代码时，传统代码搜索与分析手段效率低、准确性差的问题。

jetbrains 编辑器代码审计插件，适配：phpStorm，webStorm，rider，IntelliJ IDEA，pyCharm

IDEA代码审计辅助插件（深信服深蓝实验室天威战队强力驱动）

"chanzi" is a simple and user-friendly JAVA SAST tool that utilizes taint analysis technology, includes built-in common vulnerability rules, supports decompile, custom rule, and is compatible with …

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发展，支持 MCP 调用，支持 n8n 工作流

自己学习java安全的一些总结，主要是安全审计相关

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the …