Semgrep Pro Rules to ensure code using LLMs is following best practices.
Semgrep rules that catch common trust & safety mistakes in LLM-powered applications. Scan any codebase in seconds to find hardcoded API keys, missing safety checks, prompt injection risks, and unhandled errors across all major AI providers.
Local Privilege Escalation, as a Graph.
A BloodHound OpenGraph collector that models Windows local privilege escalation as interconnected attack paths.
Automatically load secrets from your preferred vault as environment variables or files, and clear them once your shell command is over.
Lade (/leɪd/) is a tool allowing you to automatically load secrets from your preferred vault into environment variables or files. It limits the exposure of secrets to the time the command requiring the secrets lives.
Unified Security Platform from Code to Runtime.
Protect against malicious code installed via npm, yarn, pnpm, npx, and pnpx with Aikido Safe Chain. Free to use, no tokens required.
Threat Designer is a GenerativeAI application designed to automate and streamline the threat modeling process for secure system design.
Threat Designer is an AI-driven agent that automates and streamlines the threat modeling process for secure system design. Harnessing the power of large language models (LLMs), it analyzes system architectures, identifies potential security threats, and generates detailed threat models—empowering developers and security professionals to incorporate security from the earliest stages of development.
Launched in 2016, the HTTP Observatory enhances web security by analyzing compliance with best security practices. It has provided insights to over 6.9 million websites through 47 million scans.
Network monitoring tool that maps process-to-network connections, identifies cloud providers, and detects beaconing activity. Zero-flag agent binary for deployment, aggregation server, offline ASN lookup.
mquire, a play on the memory and inquire words, is a memory querying tool inspired by osquery.
Zero-dependency Linux memory forensics PoC — leverages kernel-embedded BTF and kallsyms for type-aware memory analysis without external debug info.
Extensible macOS system telemetry generator.
MacNoise is an extensible and modular macOS system telemetry generation framework. It generates real system events (network connections, file writes, process spawns, plist mutations, TCC permission probes, and more) so security teams can validate that their EDR, SIEM, and firewall tooling detects what it is supposed to detect.
CredData (Credential Dataset) is a set of files including credentials in open source projects. CredData includes suspicious lines with manual review results and more information such as credential types for each suspicious line.
CredData can be used to develop new tools or improve existing tools. Furthermore, using the benchmark result of the CredData, users can choose a proper tool among open source credential scanning tools according to their use case. We sincerely hope that CredData will help minimize credential leaks.
CredSweeper is an advanced credential detection tool designed to identify exposed credentials such as passwords, API keys, tokens, and other sensitive information across source code, configuration files, documents, and binary assets. CredSweeper scans regular files, embedded data in containers, and files added in Git commits. The tool combines pattern-based detection, machine learning–based validation, and deep file inspection to deliver comprehensive and accurate security scanning for modern codebases and repositories.
Security proxy for AI agents. Scans every message for prompt injection, PII, and secrets. Defense-in-depth: Go proxy + iptables firewall + eBPF kernel monitor. YAML policy engine, audit logging, 5 AI agents with RAG knowledge bases.
Security proxy for AI agents. Sits in front of OpenClaw and scans every message for prompt injection, PII leaks, and secrets — before they reach the model or leave the network.
MCP security testing framework for evaluating Model Context Protocol server vulnerabilities.
A Model Context Protocol (MCP) server built with FastMCP that provides various tools including Claude AI integration, text injection capabilities, and server information utilities. It is definitely super secure, you should definitely send confidential data through it, and definitely take everything it says as fact.
No-Code Security Automation Platform. Workflow automation for Security Teams.
ShipSec Studio provides a visual DSL and runtime for building, executing, and monitoring automated security workflows. It decouples security logic from infrastructure management, providing a durable and isolated environment for running security tooling at scale.
High-performance secrets scanner. CLI, Go library, Burp Suite extension, and Chrome extension. 459 detection rules with live credential validation.
Caterpillar is a security scanning library for AI agent skill files (e.g., Claude Code skills) for dangerous or malicious behavior.
Security scanner for AI agent skills. Scans for malicious patterns before you install.
Monitor your local neighbourhood's bluetooth activity.
Bluetooth Neighborhood - Track BLE devices in your area and analyze traffic patterns.
LLM Vulnerability Scanner.
Test large language models against 210+ adversarial attacks covering prompt injection, jailbreaks, encoding exploits, and data extraction.
Your browser catches homograph attacks. Your terminal doesn't. Tirith guards the gate — intercepts suspicious URLs, ANSI injection, and pipe-to-shell attacks before they execute.
(Rogue Office 365 and Azure (active) Directory tools)
A collection of Azure AD/Entra tools for offensive and defensive security purposes.
ROADtools is a framework to interact with Azure AD. It consists of a library (roadlib) with common components, the ROADrecon Azure AD exploration tool and the ROADtools Token eXchange (roadtx) tool.
CAPSlock is an offline Conditional Access (CA) analysis tool built on top of a roadrecon database. It helps defenders, auditors, and red teams understand how Conditional Access policies actually behave, not just how they are configured.
Implementing Open Source Security Tooling into your CI/CD Pipeline
Securing your Continuous Integration and Continuous Deployment (CI/CD) pipeline is no longer optional—it’s essential. This guide is your go-to resource for building, implementing, and optimizing secure CI/CD workflows. Whether you’re a developer, DevOps engineer, or security professional, we provide information on the open-source tools and guidance you need to model security at every stage of your pipeline. From securing code and builds to monitoring post-deployment environments, our hub empowers teams to integrate security seamlessly into their workflows without sacrificing speed or agility. Explore, learn, and transform your CI/CD processes into a fortress of innovation and resilience.
Security Scanner for Agent Skills.
A security scanner for AI Agent Skills that detects prompt injection, data exfiltration, and malicious code patterns. Combines pattern-based detection (YAML + YARA), LLM-as-a-judge, and behavioral dataflow analysis for comprehensive threat detection.
Fine-grained authorization for AI agents using OpenFGA.
AI agents are getting access to production systems - databases, APIs, file systems. But who decides what they can do? Traditional RBAC wasn't designed for autonomous agents that make decisions without human approval.
Fine-Grained Authorization. A high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar.
Relationship-based access control made fast, scalable, and easy to use.
OpenFGA is an open-source authorization solution that allows developers to build granular access control using an easy-to-read modeling language and friendly APIs.
Proof-of-Concept tool for extracting NTLMv1 hashes from sessions on modern Windows systems.
LLM Service Fingerprinting Tool.
Simple LLM service identification - translate IP:Port to Ollama, vLLM, LiteLLM, or 30+ other AI services in seconds.
Julius is an LLM service fingerprinting tool for security professionals. It detects which AI server software is running on network endpoints during penetration tests, attack surface discovery, and security assessments.
Unlike model fingerprinting tools that identify which LLM generated text, Julius identifies the server infrastructure: Is that endpoint running Ollama? vLLM? LiteLLM? A Hugging Face deployment? Julius answers in seconds.
The bridge between Burp Suite and modern AI.
Burp AI Agent is an extension for Burp Suite that integrates AI capabilities into your security workflow.
Burp Suite extension that adds built-in MCP tooling, AI-assisted analysis, privacy controls, passive and active scanning, and more.
Minimal CVE Hardened container image collection.
A collection of production-ready container images with minimal CVEs, rebuilt daily using Chainguard's apko and Wolfi packages. By including only required packages, these images maintain a reduced attack surface and typically have zero or near-zero known vulnerabilities.
SysWarden is a tool based on the Data-Shield IPv4 Blocklists Community, Wazuh and Fail2ban that blocks up to 99% of noisy, disruptive, and malicious IP addresses and focuses on real signals.
Data-Shield IPv4 Blocklist Community provides an official, curated registry of IPv4 addresses identified as malicious. Updated continuously, this resource offers vital threat intelligence to bolster your Firewall and WAF instances,...
Matchlock secures AI agent workloads with a Linux-based sandbox.
Matchlock is a CLI tool for running AI agents in ephemeral microVMs - with network allowlisting, secret injection via MITM proxy, and VM-level isolation. Your secrets never enter the VM.
A simple application that extracts your IoCs from garbage input and checks their reputation using multiple CTI services.
Cyberbro is an open-source threat intelligence and indicator analysis platform. Whether you're a new user or a seasoned developer, this documentation will help you get started, configure, and make the most of Cyberbro's features.
SDLC Infrastructure Threat Framework
A comprehensive framework for understanding and mitigating supply chain security threats across the Software Development Lifecycle infrastructure.
AI-powered subdomain enumeration tool with local LLM analysis via Ollama - 100% private, zero API costs.
God's Eye is a powerful, ultra-fast subdomain enumeration and reconnaissance tool written in Go. It combines multiple passive sources with active DNS brute-forcing and comprehensive security checks to provide a complete picture of a target's attack surface.
Secure SSH bastion & PAM/NSS modules for LemonLDAP::NG - Centralized SSH & sudo access control with SSO integration.
Control SSH access and sudo privileges on your Linux servers through a centralized bastion server.
Open Bastion integrates your servers with LemonLDAP::NG (LLNG) to centrally manage who can SSH into which servers and who can use sudo. Administrators define access rules in the portal, and the PAM/NSS modules enforce them on each server.
OpenSource compliance CLI for GitLab CI/CD.
Analyze your GitLab CI/CD pipelines for security and compliance: pipeline composition (templates, components, version constraints), container images (mutable tags, trusted registries), and branch protection settings.
Plumber is a compliance scanner for GitLab. It reads your .gitlab-ci.yml and repository settings, then checks for security and compliance issues.
Scan websites for exposed Supabase JWTs, enumerate accessible tables, and detect sensitive data exposure automatically.
A Python script that scans websites for exposed Supabase JWT tokens, enumerates accessible database tables, and analyzes them for sensitive data exposure. The script automatically detects sensitive information (emails, passwords, API keys, PII, financial data, etc.) and classifies vulnerability levels to identify which tables pose security risks.
Hunt Smarter, Hunt Harder.
Active Directory Security Analysis Platform.
ADTrapper is a comprehensive security analysis platform designed for cybersecurity professionals to analyze Windows Active Directory authentication logs. The platform provides advanced threat detection, anomaly analysis, and interactive visualizations to help identify and investigate security incidents.
Production-ready, Dockerized MCP (Model Context Protocol) servers for offensive security tools. Enable AI assistants like Claude to perform security assessments, vulnerability scanning, and binary analysis.
A high-speed covert tunnel that disguises TCP traffic as SMTP email communication to bypass Deep Packet Inspection (DPI) firewalls.
Open-source offensive security platform for conducting phishing campaigns that weaponizes iCalendar automatic event processing.
Tangled is a phishing platform designed from an offensive security perspective. It automates many of the aspects of social engineering campaigns delivery and weaponizes iCalendar rendering features in Microsoft Outlook & Gmail (Google Workspace) to deliver spoofed meeting invites that are automatically added to a user's calendar without interaction.
Exploration into public Certificate Transparency Logs.
Real-time Certificate Transparency log explorer. Watch newly issued TLS certificates appear as they're published to public CT logs. CertTrack monitors Certificate Transparency logs in real-time, showing you newly issued TLS certificates as they appear. You can watch the stream of certificates, filter by domain, and explore the details of each certificate.
A VS Code/Cursor extension capable of performing realtime security monitoring from inside the IDE.
IDE Shepherd is a security extension for VS Code and Cursor IDEs that provides real-time runtime protection against malicious extensions and supply chain attacks. Using advanced require-in-the-middle (RITM) instrumentation, IDE Shepherd intercepts Node.js primitives at the module loading layer, enabling comprehensive monitoring and blocking of suspicious network requests, process executions, dynamic code evaluation, and workspace tasks.
AI Code Security Anti-Patterns distilled from 150+ sources to help LLMs generate safer code.
A comprehensive security reference distilled from 150+ sources to help LLMs generate safer code.
Brakeman Security Scanner. Secure Your Rails Applications
Brakeman is a free vulnerability scanner designed for Ruby on Rails applications. Statically analyze Rails application code to find security issues at any stage of development.
News on data leaks in France
Secure visual editor for .env files that masks sensitive secrets while allowing easy editing.
Dotenv Mask Editor provides a table-based interface for .env files. It is designed to reduce the accidental exposure of sensitive values by masking strings that meet a length threshold. All processing is done locally within your editor.
aura-inspector is a Swiss Army knife for Salesforce Experience Cloud testing. It helps discover misconfigured Salesforce Experience Cloud applications and automates much of the testing process. Some of its functionality includes:
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows.
A Claude Code plugin marketplace from Trail of Bits providing skills to enhance AI-assisted security analysis, testing, and development workflows.
AWS Attack Path Scanner. Discover privilege escalation paths across 10+ AWS services.
Heimdall is an AWS security scanner that discovers privilege escalation paths attackers could exploit to gain admin access.
NGINX Configuration Security & Hardening Scanner.
Gixy-Next (Gixy) is an open-source NGINX configuration security scanner and hardening tool that statically analyzes your nginx.conf to detect security misconfigurations, hardening gaps, and common performance pitfalls before they reach production. It is an actively maintained fork of Yandex's Gixy. Gixy-Next's source code is available on GitHub.
Advanced Kubernetes Architecture Security Tool.
This tool reconstructs complex attack paths in a Kubernetes cluster by generating a graph. It uses Neo4j to store objects and their relationships in a database, and NeoDash for visualization. Cypher, a query language comparable to the SQL used by MySQL, is used to query the database and retrieve graphs. It can be used by security auditors to quickly identify attack paths, or by security experts to monitor these paths.
A powerful Burp Suite extension for JavaScript static analysis. Extracts API endpoints, URLs, secrets, and email addresses from JavaScript files with intelligent noise filtering. The goal is to reduce noise as much as possible to ensure accuracy.
A framework for finding JavaScript memory leaks and analyzing heap snapshots. Analyzes JavaScript heap and finds memory leaks in browser and node.js.
Security, visibility, and authorization for AI agents.
Leash wraps AI coding agents in containers and monitors their activity. You define policies in Cedar; Leash enforces them instantly.
Authorize and monitor your AI agents with policy enforcement, sandboxed execution, and real-time observability—ensuring they operate safely within your defined boundaries.
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
This repository contains intentionally vulnerable implementations of Model Context Protocol (MCP) servers (both local and remote). Each server lives in its own folder and includes a dedicated README.md with full details on what it does, how to run it, and how to demonstrate/attack the vulnerability.
Threat modelling configuration language with HCL.
There are many different ways in which a threat model can be documented. From a simple text file, to more in-depth word documents, to fully instrumented threat models in a centralised solution. Two of the most valuable attributes of a threat model are being able to clearly document the threats, and to be able to drive valuable change.
A security auditor for Tailscale configurations. Scans your tailnet for misconfigurations, overly permissive access controls, and security best practice violations.
Protect your SSH keys with your Mac's Secure Enclave.
Secretive is an app for protecting and managing SSH keys with the Secure Enclave.