Stars
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.
DeebotUniverse / bumper
Forked from MVladislav/bumper
A standalone and self-hosted implementation of the central server used by Ecovacs vacuum robots.
Mining URLs from dark corners of Web Archives for bug hunting/fuzzing/further probing
Dump LSASS via physical memory read primitives in vulnerable kernel drivers
Global threat map. Learn wars, conflicts, military bases and history of nations.
gpoParser is a tool designed to extract and analyze configurations applied through Group Policy Objects (GPOs) in an Active Directory environment.
Browse and edit PFS filesystems on APA-formatted hard drive
Agentic AI Infrastructure for magnifying HUMAN capabilities.
PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.
TokenSmith generates Entra ID access & refresh tokens on offensive engagements. It is suitable for both covert adversary simulations and penetration tests with the tokens generated working out of t…
Exploit AD CS misconfiguration allowing privilege escalation and persistence from any child domain to full forest compromise
Everything about Web Application Firewalls (WAFs) from Security Standpoint! 🔥
AI Code Security Anti-Patterns distilled from 150+ sources to help LLMs generate safer code.
A simple Python script to do quick, targeted recon of a given domain.
PoC Exploit for the NTLM reflection SMB flaw.
Security automation with n8n ideas: 100+ Red/Blue/AppSec workflows, integrations, and ready-to-run playbooks.
A collection of tools to interact with Microsoft Security Response Center API
A PowerShell variant of the amazing patch_review.py by kevthehermit
A collection of Vulnerability Research and Reverse Engineering writeups.
Extracts browser-stored data such as refresh tokens, cookies, saved credentials, credit cards, autofill entries, browsing history, and bookmarks from modern Chromium-based and Gecko-based browsers …
Monitor your targets and hunt fresh assets in real time.
Nuclei scripts created by @rxerium for zero days / actively exploited vulnerabilities.
A phone number can reveal whether a device is active, in standby or offline (and more). This PoC demonstrates how delivery receipts + RTT timing leak sensitive device-activity patterns. (WhatsApp /…