Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.
Test your prompts, agents, and RAGs. Red teaming/pentesting/vulnerability scanning for AI. Compare performance of GPT, Claude, Gemini, DeepSeek, and more. Simple declarative configs with command line and CI/CD integration. Used by OpenAI and Anthropic.
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
Automated pentest reporting with custom templates, project tracking, customer dashboard and client management tools. Streamline your security workflows effortlessly!
Open Source Cloud Security
MCP for Security: A collection of Model Context Protocol servers for popular security tools like SQLMap, FFUF, NMAP, Masscan and more. Integrate security testing and penetration testing into AI workflows.
VULNRΞPO - Free vulnerability report generator and repository, end-to-end encrypted! Templates of issues, CWE,CVE,MITRE ATT&CK,PCI DSS, import Nmap/Nessus/Burp/OpenVAS/Bugcrowd/Trivy, Jira export, TXT/JSON/MARKDOWN/HTML/DOCX, attachments, automatic changelog, stats, vulnerability management, bugbounty, local ai/llm, super fast pentest reporting!
Tool to export Juice Shop challenges and hints in data format compatible with CTFd, RootTheBox or FBCTF
Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
AI-powered offensive security testing using autonomous agents, directly in your terminal.
[ARCHIVED] Evolved into BugTraceAI v2 — github.com/BugTraceAI/BugTraceAI
An organizational asset and vulnerability management tool, with Jira integration, designed for generating application security reports.
A Ligolo-ng JavaScript agent working inside Chrome & Chromium-based browsers by leveraging Isolated Web Applications.
wacat - Challenge Your Web App with Cat Chaos and AI-Driven Testing!
Moxy is an open-source DAST tool designed for modern web application security testing. It provides an easy-to-use interface with agentic capabilities to assist and automate pentesting workflows.
An AI-powered cybersecurity agent inspired by Claude Agent SDK, designed exclusively for defensive security operations.
AuditForge is a pentest reporting application making it simple and easy to write your findings and generate a customizable report.
This is the open sourced code for the extension, EndPointer
Unified Vulnerability Intelligence Platform
Add a description, image, and links to the pentesting topic page so that developers can more easily learn about it.
To associate your repository with the pentesting topic, visit your repo's landing page and select "manage topics."