Xalgorix is a Go-based autonomous pentesting platform driven by LLMs, featuring a 22-phase methodology from recon to exploit verification, with live telemetry and reporting.
jadx-ai-mcp combines a JADX decompiler plugin with a Python MCP server, enabling AI assistants like Claude to perform live reverse engineering on Android APKs with 30+ interactive tools.
LLM4Pentest aggregates 40+ research papers and tools tracking the evolving role of LLMs in automated penetration testing, highlighting progress and limitations.
LocalSend offers secure, zero-config LAN file sharing with ephemeral TLS certificates, built with Flutter and Rust for cross-platform privacy-focused transfers.
LuaN1aoAgent uses a P-E-R multi-agent framework and causal graph reasoning to achieve 90.4% autonomous success on penetration tests with low exploit cost. Key for AI-driven pentesting.
Matkap is a Python tool that hunts down malicious Telegram bots by hijacking leaked bot tokens and forwarding their messages for active threat intelligence gathering.
Metasploit-termux automates installing Metasploit Framework on Android via Termux, fixing Ruby 3.4 Nokogiri/Gumbo native extension build issues on ARM64. Here’s how it works.
nomore403 is a Go CLI tool for security researchers automating HTTP 403/401 bypass testing with heuristic scoring to flag likely bypasses and reduce false positives.
OpenAnt uses a two-stage LLM pipeline to detect and validate code vulnerabilities across multiple languages, reducing false positives by verifying exploits automatically.
OpsKat is a desktop app blending AI agents with secure, policy-enforced remote infrastructure control across SSH, databases, and Kafka. It bridges AI coding assistants to production safely.
SafestClaw uses classical ML pipelines and local AI models to deliver 90% of OpenClaw’s features at zero cost, avoiding prompt injection and cloud dependencies.
Seeker hosts fake web pages to trick users into granting browser location permission, harvesting precise GPS and device fingerprint data via HTML5 APIs. Built with Python and Flask, it runs on multiple platforms and supports export to Google Earth and Telegram.
skill-check is a TypeScript CLI that validates and scores AI agent SKILL.md files with auto-fix and security scanning, supporting multiple output formats and baseline comparisons.
VoidAuth is a TypeScript-based self-hosted OpenID Connect provider and ForwardAuth reverse proxy designed for homelabs, offering user management, passkeys, MFA, and Docker-first deployment.
WhatsApp-OSINT is a Python CLI that queries RapidAPI endpoints to extract WhatsApp phone number intelligence, including profile pics, business status, linked devices, and privacy settings.
OpenShell by NVIDIA offers a Rust-based AI agent sandbox runtime with hot-reloadable YAML policies for filesystem, network, process, and inference controls inside containers.
Trivy combines vulnerability detection, misconfiguration scanning, secret discovery, SBOM generation, and license analysis in one Go-based CLI tool for containers, filesystems, and Kubernetes clusters.
Sherlock is a Python CLI tool that checks username availability across 400+ social networks using a modular JSON-driven detection system. Practical, extensible, and flexible.
cfpsec is a Python CLI tool that fetches Call For Papers data from cfptime.org with security-focused hardening like ANSI escape sanitization and CSV formula injection protection.
DLLHijackHunter is a C# tool for Windows that confirms DLL hijack vulnerabilities by deploying test DLLs and verifying execution, reducing false positives in detection.