automated web assets enumeration & scanning [DEPRECATED]

Burp Extension that copies a request and builds a FFUF skeleton

Simple enumeration script which utilises different Kali tools

Kharon is an automated web-server ctf scanner which perform basic tasks of webserver pentesting. Written in Python.

[WIP] Extensible LLM-powered wordlist generator for penetration testing. Creates intelligent, context-aware wordlists using AI to understand seed word relationships. Highly configurable with support for multiple wordlist types and LLM providers.

LLM-driven automated penetration testing pipeline — subdomain → probing → endpoints → fuzz → JS audit → auth analysis → API scoring → unauth API verification. Evidence-backed, multi-format reports, Tool Cards, Planner/Verifier/Reporter contracts.

A comprehensive, Docker-based security scanning toolkit for web applications. Run multiple industry-standard security tools with a single command.

Automate Initial CTF Scanning

Intelligent fuzzing tool integrating LLM-driven wordlist selection, automated FUZZ mode detection, GPT-generated payloads, multi-threaded scanning, and advanced response filters modeled after ffuf.

DirX is a high-performance directory brute-force tool designed for fast and precise web reconnaissance. Powered by async scanning, it offers status filters, response exclusion, proxy support, and real-time progress with ETA, helping pentesters and bug bounty hunters discover hidden endpoints efficiently.

Blind-Boolean SQLi automation using FFUF

A Python script for web fuzzing in penetration testing. Replace 'FUZZ' in the target URL with payloads from a wordlist, customize headers, and filter responses by status codes, length, and size. Inspired by FFUF, this tool aids security assessments with a user-friendly command-line interface. Developed by Wiktor Nowakowski.

AI-powered FFUF wrapper using free Hugging Face Qwen/Qwen2.5-1.5B-Instruct local Ai model — no paid API key required.

collection of Python scripts for automating tasks in CTFs

Python-based Web Reconnaissance & Reporting Toolkit - Orchestrates Nmap, ffuf, and Nuclei for automated security scanning with CSV/JSON reporting

Orchestrator for CTF enumeration: nmap → ffuf pipelines with plugin architecture.

Gemini CLI Agent Skills

AI-powered recon triage tool for Bug Bounty and offensive security workflows.

Compile schema-driven prompts, skills, and workflows into deterministic, framework-independent execution plans for AI systems