Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, Llama, and more. Simple declarative configs with command line and CI/CD integration.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
Automated pentest reporting with custom templates, project tracking, customer dashboard and client management tools. Streamline your security workflows effortlessly!
Open Source Cloud Security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX, attachments, automatic changelog, stats, vulnerability management, bugbounty, local ai/llm, super fast pentest reporting!
Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
[ARCHIVED] Evolved into BugTraceAI v2 — github.com/BugTraceAI/BugTraceAI
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
wacat - Challenge Your Web App with Cat Chaos and AI-Driven Testing!
Moxy is an open-source DAST tool designed for modern web application security testing. It provides an easy-to-use interface with agentic capabilities to assist and automate pentesting workflows.
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
This is the open sourced code for the extension, EndPointer
Unified Vulnerability Intelligence Platform
An AI-powered cybersecurity agent inspired by Claude Agent SDK, designed exclusively for defensive security operations.
If you found this, you are among the truly lucky, to be given providence to my curated and often custom wordlists. Enjoy, buddy, you've earned it.
Professional AI Hacking Platform
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."