nomore403 is a Go CLI tool that automates HTTP 403/401 bypass testing for security researchers, using heuristic scoring to flag likely bypasses and reduce false positives.
OpenAnt uses a two-stage LLM pipeline to detect and validate code vulnerabilities across multiple languages, reducing false positives by verifying exploits automatically.
OpsKat is a desktop app blending AI agents with secure, policy-enforced remote infrastructure control across SSH, databases, and Kafka. It bridges AI coding assistants to production safely.
SafestClaw uses classical ML pipelines and local AI models to deliver 90% of OpenClaw’s features at zero cost, avoiding prompt injection and cloud dependencies.
Seeker hosts fake web pages to trick users into granting browser location permission, harvesting precise GPS and device fingerprint data via HTML5 APIs. Built with Python and Flask, it runs on multiple platforms and supports export to Google Earth and Telegram.
skill-check is a TypeScript CLI that validates and scores AI agent SKILL.md files with auto-fix and security scanning, supporting multiple output formats and baseline comparisons.
VoidAuth is a TypeScript-based self-hosted OpenID Connect provider and ForwardAuth reverse proxy designed for homelabs, offering user management, passkeys, MFA, and Docker-first deployment.
WhatsApp-OSINT is a Python CLI that queries RapidAPI endpoints to extract WhatsApp phone number intelligence, including profile pics, business status, linked devices, and privacy settings.
OpenShell by NVIDIA offers a Rust-based AI agent sandbox runtime with hot-reloadable YAML policies for filesystem, network, process, and inference controls inside containers.
Trivy combines vulnerability detection, misconfiguration scanning, secret discovery, SBOM generation, and license analysis in one Go-based CLI tool for containers, filesystems, and Kubernetes clusters.
Sherlock is a Python CLI tool that checks username availability across 400+ social networks using a modular JSON-driven detection system. Practical, extensible, and flexible.
cfpsec is a Python CLI tool that fetches Call For Papers data from cfptime.org with security-focused hardening like ANSI escape sanitization and CSV formula injection protection.
DLLHijackHunter is a C# tool for Windows that confirms DLL hijack vulnerabilities by deploying test DLLs and verifying execution, reducing false positives in detection.
santifer/cv-santiago offers an interactive portfolio CV with a dual-mode AI chatbot, hybrid search, multi-layer prompt injection defenses, and a closed-loop evaluation pipeline for production-grade AI security.
Magento Open Source is a PHP-based e-commerce platform emphasizing community maintainers with elevated permissions and strong security practices. It offers a foundation for building online stores with active community governance.
A TypeScript project that uses one YAML file to drive a static site, REST API, and markdown docs for personal security tips. Explore its architecture and tradeoffs.
secrets-patterns-db offers over 1600 regex patterns for detecting secrets in code, doubling coverage compared to TruffleHog and vastly outpacing Gitleaks. It enhances AppSec scanning with tested, categorized regexes.
CoreExtendedNFC ports libnfc protocol-layer logic to iOS via CoreNFC, enabling high-level NFC operations in pure Swift with zero external dependencies and comprehensive test coverage.
DockMon offers secure multi-host Docker monitoring with a Go agent using mTLS, FastAPI backend, React frontend, real-time dashboards, and multi-channel alerts. A solid choice for enterprise-grade observability.
Evilginx 3 is a standalone Go framework implementing HTTP/DNS servers to transparently intercept and modify traffic for phishing and MFA bypass using session hijacking.