Web path scanner

一个攻防知识库。A knowledge base for red teaming and offensive security.

A Windows reverse shell payload generator and handler that abuses the http(s) protocol to establish a beacon-like reverse shell.

Red Team's SIEM - tool for Red Teams used for tracking and alarming about Blue Team activities as well as better usability in long term operations.

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

A AI general-purpose state-space search engine, validated first on autonomous penetration testing.

C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.

A security scanner for your LLM agentic workflows

Internal Safety Collapse: Turning the LLM or an AI Agent into a sensitive data generator.

Python AV Evasion Tools

AWS CloudSaga - Simulate security events in AWS

The open-source diagnostic for AI misalignment. 32 tests across fabrication, manipulation, deception, unpredictability, and opacity. Provider-agnostic. Runs against OpenAI, Anthropic, Bedrock, Azure, Gemini, and more. Letter grade in under 5 minutes, content-addressed manifest for bit-identical replay. Built by iMe.

Compiled tools for internal assessments

A lightweight active and passive scanner that combines the advantages of local and distributed models, supports dynamic external plugin import, and is dedicated to exploring web black-box vulnerabilities.

Agent trace and tool-use safety evaluation lab.

Moonshot - A simple and modular tool to evaluate and red-team any LLM application.

PyIris is a modular remote access trojan toolkit written in python targeting Windows and Linux systems.

Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks, test prompt injection resistance, and audit live MCP servers for tool poisoning.

Open-source red teaming framework for MLLMs with 42+ attack methods

[ICML 2026 & ICLR 2026 AIWILD] Official Implementation of the CKA-Agent, "The Trojan Knowledge: Bypassing Commercial LLM Guardrails via Harmless Prompt Weaving and Adaptive Tree Search".