Stars
AI Red Teaming playground labs to run AI Red Teaming trainings including infrastructure.
🔥 Turn entire websites into LLM-ready markdown or structured data. Scrape, crawl and extract with a single API.
Abuse trust-boundaries to bypass firewalls and network controls
Next generation frontend tooling. It's fast!
Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/or bug bounty targets!
A curated list of wordlists for bruteforcing and fuzzing
reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
Framework for testing vulnerabilities of large language models (LLM).
A comprehensive, intelligent, easy-to-use, and lightweight AI Infrastructure Vulnerability Assessment and MCP Server Security Analysis Tool.
A New Approach to Directory Bruteforce with WaybackLister v1.0
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous …
Huly — All-in-One Project Management Platform (alternative to Linear, Jira, Slack, Notion, Motion)
Tool for finding URLs, paths, secrets and generating raw HTTP requests and OpenApi specifications from config files and annotations used in JAR / WAR / APK applications.
Differential testing framework for HTTP implementations
A fast tool to scan CRLF vulnerability written in Go
Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
OWASP Appsec Discovery tool and service for searching, parsing, and scoring severity using rules or AI for Swagger, Protobuf, GraphQL, DTOs, and other structured contract objects in code
✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks
An incredibly fast proxy checker & IP rotator with ease.
Burp suite extension to find sensitive information by checking incoming text OR binary websocket messages
This tool analyzes a given Github repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
This tool analyzes a given Gitlab repository and searches for dangling or force-pushed commits containing potential secret or interesting information.
Find exposed data in Azure with this public blob scanner
Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.
best tool for finding SQLi, CRLF, XSS, LFI, OpenRedirect
Unauthorized Access to Metadata and User Data like CTF
A simple Python Exploit to Write Data to Insecure/vulnerable Firebase databases! Commonly found inside Mobile Apps. If the owner of the app has set the security rules as true for both "read" & "wr…
Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static a…