Ralph is an autonomous AI agent loop that runs repeatedly until all PRD items are complete.

Orchestrate thousands of agents and harnesses as a graph programatically

Lightweight Claude OAuth to OpenAI-compatible API proxy

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

TradingAgents: Multi-Agents LLM Financial Trading Framework

A curated list of awesome skills, hooks, slash-commands, agent orchestrators, applications, and plugins for Claude Code by Anthropic

A collection of MCP servers.

12 Lessons to Get Started Building AI Agents

A full-stack AI Red Teaming platform securing AI ecosystems via OpenClaw Security Scan, Agent Scan, Skills Scan, MCP scan, AI Infra scan and LLM jailbreak evaluation.

Azazel is a userland rootkit based off of the original LD_PRELOAD technique from Jynx rootkit. It is more robust and has additional features, and focuses heavily around anti-debugging and anti-dete…

A collection of Linux kernel rootkits found across the internet taken and put together

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.

企业级 AI 编程助手，专为 研发协作 和 研发管理 场景而设计。

The modern Java bytecode editor

A tool that helps you work with frida easily for Android platform

Java反序列化/JNDI注入/恶意类生成工具，支持多种高版本bypass，支持回显/内存马等多种扩展利用。

Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available

一款帮助云租户发现和测试云上风险、增强云上防护能力的综合性开源工具

Jar Analyzer - 一个 JAR 包 GUI 分析工具，方法调用关系搜索，方法调用链 DFS 算法分析，模拟 JVM 的污点分析验证 DFS 结果，字符串搜索，Java Web 组件入口分析，CFG 程序分析，JVM 栈帧分析，自定义表达式搜索，紧跟 AI 技术发展，支持 MCP 调用，支持 n8n 工作流

A powerful JNDI injection exploitation framework that supports RMI, LDAP and LDAPS protocols, including various bypass methods for high-version JDK restrictions

/root/.ssh/authorized_keys evil file watchdog with ebpf tracepoint hook.

文章 Attack Code 的详细全文。安全和开发总是具有伴生属性，尤其是云的安全方向，本篇文章是希望能帮助到读者的云安全入门材料。Full text of the article Attack Code. Security and development always have concomitant attributes, and this is especially true wit…

Here is useful scripts collections. You can forge tickets locally with secret keys or certificates. It's useful when you want backdoor/persistence with opsec

Tunnel TCP connections through a file

A fast vulnerability scanner helps pentesters pinpoint possibly vulnerable targets from a large number of web servers

侦查守卫(ObserverWard)的指纹库

xAST评价体系，让安全工具不再“黑盒”. The xAST evaluation benchmark makes security tools no longer a "black box".

Fileless atexec, no more need for port 445