Stars
734+ structured cybersecurity skills for AI agents · MITRE ATT&CK mapped · agentskills.io open standard · Works with Claude Code, GitHub Copilot, OpenAI Codex CLI, Cursor, Gemini CLI & 20+ platform…
Claude Code skill for AI-assisted bug bounty hunting - recon, IDOR, XSS, SSRF, OAuth, GraphQL, LLM injection, and report generation
Real-time global intelligence dashboard — AI-powered news aggregation, geopolitical monitoring, and infrastructure tracking in a unified situational awareness interface
Just provide a list of domains/subdomains and the script will automatically crawl HTML and JavaScript files to locate exposed Google API keys and test whether they have Gemini access.
pentestMCP: AI-Powered Penetration Testing via MCP, an MCP designed for penetration testers.
VSS Hardware Hacking Wiki and Blog Entries
This repository is a carefully chosen collection of cloud security-related interview questions and scenarios. This resource will help you explore different areas of safeguarding cloud systems, whet…
Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable SSRF candidates.
Open-source AI hackers to find and fix your app’s vulnerabilities.
Explanation and full RCE PoC for CVE-2025-55182
🍪 CookieMonster helps you detect and abuse vulnerable implementations of stateless sessions.
A deliberately vulnerable banking application designed for practicing security testing of web apps, APIs, and AI-integrated apps, as well as secure code reviews. Features common vulnerabilities found in real-wor…
Digital fraud affects so many organizations. In this demo, you'll learn the components of a real-time fraud detection system, and how to build one with Tinybird.
Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about web service and API-related vulnerabilities.
Subdosec is a fast, accurate subdomain takeover scanner with no false positives. It also offers a database of sites vulnerable to subdomain takeover (public results), along with detailed metadata l…
The FOFA Library collects usage tips, common scenarios, F&Q, and more for FOFA.
Hound is a simple and light tool for information gathering and capturing exact GPS coordinates
Open source fraud and abuse prevention tools
Android security insights in full spectrum.
A cheat sheet that contains advanced queries for SQL Injection of all types.
A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files.
The Mobile App Pentest cheat sheet was created to provide a concise collection of high-value information on specific mobile application penetration testing topics.