Attack Surface Management Platform

A powerful and open-source toolkit for hackers and security automation - 安全行业从业者自研开源扫描器合辑

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

Next generation web scanner

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

💀 Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

⚔️Windows11 Penetration Suite Toolkit 🔰 The First Windows Penetration Testing Environment on Mac M Chips

All In One Web Recon

Open-source security research tool for identifying origin IP exposure of websites protected by Cloudflare and similar reverse proxy services.

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

This repository is about @harshbothra_'s 365 days of Learning Tweets & Mindmaps collection.

:hammer: A modern multiple reverse shell sessions manager written in go

🔐 Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources

An XSS exploitation command-line interface and payload generator.

Automatic SSTI detection tool with interactive interface

A curated collection of top-tier penetration testing tools and productivity utilities across multiple domains. Join us to explore, contribute, and enhance your hacking toolkit!

Convolutional neural network for analyzing pentest screenshots

SocialPwned is an OSINT tool that allows to get the emails, from a target, published in social networks such as Instagram, Linkedin and Twitter to find possible credentials leaks in PwnDB or Dehashed and obtain Google account information via GHunt.

A tool that helps you easy trace classes, functions, and modify the return values of methods on iOS platform

OffSec OSINT Pentest/RedTeam Tools

An IIS short filename enumeration tool

Leaked pentesting manuals given to Conti ransomware crooks

Loading Remote AES Encrypted PE in memory , Decrypted it and run it

Username enumeration and password spraying tool aimed at Microsoft O365.

APKHunt is a comprehensive static code analysis tool for Android apps that is based on the OWASP MASVS framework. Although APKHunt is intended primarily for mobile app developers and security testers, it can be used by anyone to identify and address potential security vulnerabilities in their code.

Offensive Security OSCP+, OSEP, OSWP, OSWA, OSWE, OSED, OSMR, OSEE, OSDA, OSIR, OSTH Exam and Lab Reporting / Note-Taking Tool

A technique to run binaries filelessly and stealthily on Linux by "overwriting" the shell's process with another.

Lonkero - Wraps around your attack surface. Professional-grade scanner for real penetration testing. Fast. Modular. Rust.