A modern platform for visual, flexible, and extensible graph-based investigations. For cybersecurity analysts and investigators.

LLM Council works together to answer your hardest questions

The next-generation file converter. Open source, fully local* and free forever.

A simple browser extension to quickly find interesting security-related information on a webpage.

Storage Explorer - Publicly open storage viewer (Amazon S3 Bucket, Azure Blob, FTP server, HTTP Index Of/)

🔤 A list of all the public package names on npm. Updated daily.

Discover GitHub repositories and hunt for leaked credentials with style

cuDF - GPU DataFrame Library

CLI tool that fetches resolved & disclosed HackerOne reports by vulnerability and exports them to CSV.

MCP Server for Ghidra

wappalyzer alternative based on wappalyzer browser extension

Extended pickling support for Python objects

Latest CVEs with their Proof of Concept exploits.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

A penetration testing tool for odoo applications.

An open-source framework for detecting, redacting, masking, and anonymizing sensitive data (PII) across text, images, and structured data. Supports NLP, pattern matching, and customizable pipelines.

Identify hardcoded secrets in static structured text (version 2)

LLM-powered framework for deep document understanding, semantic retrieval, and context-aware answers using RAG paradigm.

FireCracker is an open-source tool that scans APKs for misconfigured Firebase URLs, helping developers identify and fix security vulnerabilities to enhance Firebase database security.

Tool to mass analyse potentially exposed Firebase databases on Android apps

AI-assisted DAST pipeline combining Subfinder, Subzy, FFUF (heuristic-based smart fuzzing), and Nuclei with automated reporting.

Firebase Misconfiguration Detection Toolkit - To be presented at Blackhat EU Arsenal

Autoswagger by Intruder - detect API auth weaknesses

BackupFinder discovers backup files on web servers by generating intelligent patterns.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Gospider - Fast web spider written in Go

State-of-the-art Machine Learning for the web. Run 🤗 Transformers directly in your browser, with no need for a server!

🌐 List of free and downloadable top 1M domain list (alexa alternatives) 📊