Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.

Automated pentest reporting with custom templates, project tracking, customer dashboard and client management tools. Streamline your security workflows effortlessly!

Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.

渗透测试Payload速查平台 | Pentest Payload Quick Reference | XSS/SQLi/SSRF/RCE | React+TypeScript

🔍 Chrome扩展，为安全研究和渗透测试提供Google/百度/Bing高级搜索语法快捷执行。一键Dorking、批量提取URL、智能过滤黑名单，大幅提升信息收集效率。 🔍 Chrome extension for security research and penetration testing. One-click advanced search (Dorking) on Google/Baidu/Bing, bulk URL extraction, smart blacklist filtering. Boost OSINT efficiency.

AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.

Unified Vulnerability Intelligence Platform

CStrike v2.6 — Offensive Security Platform. 35+ tools, 9-container Docker stack, self-update system, parallel port scanning, VPN kill-switch. Dual-arch (amd64/aarch64) VM distribution.

ZAPISEC WAF-Copilot is an automated AI-powered security framework for web applications with a focus on highly configurable streamlined vulnerability assessment process via AI engines, CVE data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface.

Open-source AI security benchmarking CLI. Measure how AI models perform offensive security tasks with MITRE ATT&CK analysis and KSM scoring.

🛡️ A penetration testing tool for firestore databases

This repository contains a POC of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell.

The first security CTF lab built with React and Next.js. Open you browser and start hacking.

HTTP session viewer

Automate JS analysis on modern JS apps

AI-powered offensive security agent. Autonomous pentesting with 4 specialized agents, 120+ OWASP test cases, and Kali Linux integration. Your AI red team operator.

Examples of AWS CDK/CloudFormation and other goodies related to security 🔐, devops 🔧 and cloud ⛅️ development

Security-C4PO is an open-source web-application for managing and documenting penetration tests. This tool allows a security tester to keep track of the testing progress according to the OWASP Testing Guide. This application aims to make the offical Testing Guide more actionable to work with.

WordPress pentest tool

Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark. can use a cli-proxy