AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)

A Burp Suite extension that provides AI-powered security testing using local Ollama models

Cybersecurity AI (CAI), the framework for AI Security

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

Guardian is a production-ready AI-powered penetration testing automation CLI tool that leverages Google Gemini and LangChain to orchestrate intelligent, step-by-step penetration testing workflows w…

Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning and more

Updog is a replacement for Python's SimpleHTTPServer. It allows uploading and downloading via HTTP/S, can set ad hoc SSL certificates and use http basic auth.

SpicyAD is a C# Active Directory penetration testing tool designed for authorized security assessments. It combines multiple AD attack techniques into a single, easy-to-use tool with both interacti…

Web Fuzzer & Vulnerability Scanner for Penetration Testing & Bug Bounty. ffuf/gobuster alternative with 200+ features: WAF Bypass, API Fuzzing (REST/GraphQL/WebSocket), CAPTCHA Detection, Director…

Venom C2 is a dependency‑free Python3 Command & Control framework for redteam persistence

This is the report that goes with my mock full-scope red team engagement against Game of Active Directory.

BloodyAD is an Active Directory Privilege Escalation Framework

Advanced penetration testing framework in V language. 700+ exploits, 30+ reverse shells, payload generator, obfuscator. Fast, lightweight,

A simple Python script to do quick, targeted recon of a given domain.

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

Bug Bounty Hunting Framework Designed to Help Beginners Compete w/ the Pros

Additional resources

Group Policy Objects manipulation and exploitation framework

Active Directory certificate abuse.

Metasploitable3 is a VM that is built from the ground up with a large amount of security vulnerabilities.

My exploit collection ExploitDB GitHub etc.

🔍 gowitness - a golang, web screenshot utility using Chrome Headless

A deliberately vulnerable Microsoft Entra ID environment. Learn identity security through hands-on, realistic attack challenges.

The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbitrary binaries and scripts using any of our nine supported cl…