Explore a community-curated catalog of open-source web security scanners organized by scanner type, revealing trends in modern web app security tooling.
awesome-osint-arsenal provides a single-command shell installer that auto-detects Linux distros and installs 750+ OSINT and security tools idempotently, turning an awesome list into a deployable arsenal.
bopscrk is a Python CLI tool for targeted password wordlist generation, combining user input and scraped song lyrics with mutations. Useful in pentesting and red teaming.
CF-Hero is a Go CLI tool that finds origin IP addresses hidden behind Cloudflare by correlating OSINT sources, DNS history, and HTTP fingerprinting. A practical tool for security pros.
Claude-OSINT equips the Claude LLM with 4,600+ lines of structured OSINT tradecraft in Markdown skills, enabling AI-driven recon with 90+ modules, 80+ dorks, and attack-path templates. No external APIs needed.
DeepZero automates vulnerability research on Windows kernel drivers by chaining Ghidra decompilation with LLM-based analysis using YAML pipelines and Jinja2 templates.
FuzzyAI combines fuzz testing with AI models using Python and Ollama. It offers a CLI for fuzzing with local LLMs, balancing AI power and practical setup tradeoffs.
GarudRecon automates reconnaissance by orchestrating 80+ security tools in Bash. Its design tradeoffs and installation steps reveal why Bash remains a practical choice for heavy string manipulation workflows.
H4X-Tools is a Python 3.10+ CLI toolkit offering 16 modular OSINT utilities, including a dual-source leak search combining stealer logs and a 3.2B+ credential dataset for actionable breach insights.
Hackingtool-plugin wraps 183 pentesting and OSINT tools behind a Claude Code plugin. It smartly dispatches commands to native Bash, WSL, or Docker containers, outputting clean JSON.
reconFTW automates over 50 security tools into a unified Shell-based pipeline for penetration testers and bug bounty hunters, supporting full lifecycle recon and distributed scanning.
Xalgorix is a Go-based autonomous pentesting platform driven by LLMs, featuring a 22-phase methodology from recon to exploit verification, with live telemetry and reporting.
jadx-ai-mcp combines a JADX decompiler plugin with a Python MCP server, enabling AI assistants like Claude to perform live reverse engineering on Android APKs with 30+ interactive tools.
LLM4Pentest aggregates 40+ research papers and tools tracking the evolving role of LLMs in automated penetration testing, highlighting progress and limitations.
LocalSend offers secure, zero-config LAN file sharing with ephemeral TLS certificates, built with Flutter and Rust for cross-platform privacy-focused transfers.
LuaN1aoAgent uses a P-E-R multi-agent framework and causal graph reasoning to achieve 90.4% autonomous success on penetration tests with low exploit cost. Key for AI-driven pentesting.
Matkap is a Python tool that hunts down malicious Telegram bots by hijacking leaked bot tokens and forwarding their messages for active threat intelligence gathering.
Metasploit-termux automates installing Metasploit Framework on Android via Termux, fixing Ruby 3.4 Nokogiri/Gumbo native extension build issues on ARM64. Here’s how it works.