A curated, verified list of AI-powered tools for smart contract and blockchain security

Autonomous Web3 security audit agent for Claude Code

Patch for Akto API Security (community) that removes "Access Restricted" and "Dashboard Expired" errors by redirecting the Amazon CloudFront JS asset to a locally modified main.js. Includes SSL cer…

The Ultimate XSS Hunter — Context-Aware, AI Heuristic, DOM/SPA, Stealth, OOB

Open-source platform for creating safe, isolated production sandboxes for API, integration, and E2E testing.

Rust-powered HTTP Request Smuggling Scanner.

High-performance browser automation bridge and multi-instance orchestrator with advanced stealth injection and real-time dashboard.

A reverse-engineering agent for IDA Pro and Binary Ninja

evilwaf is a penetration testing tool designed to detect and bypass common Web Application Firewalls (WAFs).

The Inescapable Auditor -- iterative deep-logic security audit agent for Claude Code

Solidity smart contract auditor leveraging static analysis, Solodit findings and Map, Hunt, Attack strategy

Structured skills for smart contract security audits. Infers state invariants, detects semantic guard gaps, models flash loan + oracle attack chains, simulates adversarial exploits, and scores find…

A Claude Code skill that scans Solidity codebases for security vulnerabilities by referencing 36 unique vulnerability types

Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows

Pashov Audit Group Skills

Capture HTTP/HTTPS traffic from Android apps and send to Proxyman for debugging.

Malwoverview is a first response tool for threat hunting across VirusTotal, Hybrid Analysis, URLHaus, Polyswarm, Malshare, Alien Vault, Malpedia, Malware Bazaar, ThreatFox, Triage, IPInfo, Shodan, …

Semantic SBOM diff and TUI analysis tool. Compares CycloneDX/SPDX files to component changes, dependency shifts, license conflicts, and vulnerabilities.

High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 487 detection rules with live credential validation.

A complete workflow automation and server monitoring system.

An AI-powered agentic red team framework that automates offensive security operations, from reconnaissance to exploitation to post-exploitation, with zero human intervention.

Real-time global intelligence dashboard — AI-powered news aggregation, geopolitical monitoring, and infrastructure tracking in a unified situational awareness interface

AdaptixC2 is a highly modular advanced redteam toolkit

AI-powered vulnerability scanner extension for Burp Suite with multi-provider support (Ollama, OpenAI, Claude, Gemini)

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

AI Bill of Materials — discover every AI agent, model, and API in your infrastructure

Runtime security enforcement and threat hunting engine for autonomous AI fleets. Build Swarm Detection & Response (SDR) platforms with Clawdstrike.

Tool for reversing Google internal protobuf definitions