ShellCheck, a static analysis tool for shell scripts

Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

A set of Python command line tools for working with SARIF files produced by code analysis tools

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Continuous Inspection

Impacket is a collection of Python classes for working with network protocols.

🐫 CAMEL: The first and the best multi-agent framework. Finding the Scaling Law of Agents. https://www.camel-ai.org

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security enthusiasts.

Agentic Pentesting MCP server that discovers, exploits, and reports web application vulnerabilities.

MCP Server for Burp

SSE to Stdio MCP Proxy Server

Harness engineering official style beginner tutorial, from 0 to 1

SecretBench is a dataset consisting of different secret types collected from public open-source repositories.

CredData is a set of files including credentials in open source projects. CredData includes suspicious lines with manual review results and more information such as credential types for each suspic…

A modern chat interface for AI agents built with Next.js, Tailwind CSS, and TypeScript.

Build, run, manage agentic software at scale.

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

Web UI for training and running open models like Gemma 4, Qwen3.5, DeepSeek, gpt-oss locally.

LLM inference in C/C++

This repo contains the codes of the penetration test benchmark for Generative Agents presented in the paper "AutoPenBench: Benchmarking Generative Agents for Penetration Testing". It contains also …

The goal of this repo is to become a benchmark for pentesting

Open-source AI hackers to find and fix your app’s vulnerabilities.

Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities bef…

Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 9…

OSCP material tools and helpful scripts.

XBOW Validation Benchmarks

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug b…

Get up and running with Kimi-K2.5, GLM-5, MiniMax, DeepSeek, gpt-oss, Qwen, Gemma and other models.