Starred repositories
A security auditor for Tailscale configurations. Scans your tailnet for misconfigurations, overly permissive access controls, and security best practice violations.
Metis is an open-source, AI-driven tool for deep security code review
A growing collection of beautifully designed UI components for Go and templ. Install via CLI. Customize everything. Own your code.
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, and orchestrating security tool usage, we confi…
A lightweight GPT model, trained to discover subdomains.
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
A list of tools that handle different data and make it usable in Maltego.
graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.
Open-source AI agents for penetration testing
An experimental project exploring the use of Large Language Models (LLMs) to solve HackTheBox machines autonomously.
The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
Blazing fast GraphQL discovery & fingerprinting toolbox.
A collection of ZAP scripts and tips provided by the community - pull requests very welcome!
🔥 The Web Data API for AI - Turn entire websites into LLM-ready markdown or structured data
Claude Code superpowers: core skills library
Anthropic's Interactive Prompt Engineering Tutorial
Use Cloudflare to create HTTP pass-through proxies for unique IP rotation, similar to fireprox
Security automation with n8n ideas: 100+ Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.
0xSojalSec / strix
Forked from usestrix/strix
✨ Open-source AI hackers for your apps 👨🏻‍💻
AI agent for autonomous cyber operations
Extracts IoCs, TTPs and the relationships between them. Outputs a STIX 2.1 bundle.