Open-source AI hackers to find and fix your app’s vulnerabilities.

HexStrike AI MCP Agents is an advanced MCP server that lets AI agents (Claude, GPT, Copilot, etc.) autonomously run 150+ cybersecurity tools for automated pentesting, vulnerability discovery, bug bounty automation, and security research. Seamlessly bridge LLMs with real-world offensive security capabilities.

CyberStrikeAI is an AI-native security testing platform built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, and comprehensive lifecycle management capabilities.

PentestAgent is an AI agent framework for black-box security testing, supporting bug bounty, red-team, and penetration testing workflows.

A AI general-purpose state-space search engine, validated first on autonomous penetration testing.

LockKnife: The Ultimate Android Security Research Tool. A unified TUI workspace and headless CLI for deep Android security research, built for researchers and hackers. Powered by Python orchestration and a Rust-accelerated core, enabling AI agent–driven hacking, credential recovery/cracking, APK analysis, intelligence gathering, runtime inspection.

针对于红队攻击思维做出的red team模式(让你的codex像红队一样思考！)，可在单对话使用（目前只支持5.4，5.5需要过cyber认证，可自行适配其他AI）

Penetration Testing AI Assistant based on open source LLMs.

SkyHacks: A monstrous AI-driven brute force tool 🕷️ that mercilessly obliterates BlueSky accounts. Fueled by sinister wordlists, it tears through defenses with horrifying precision. Unleash the terror! 🔥👾

🧾 | Use these AI prompts to refine your searches, improve accuracy, and get detailed, context-driven responses that precisely match your queries.

One command installs 580+ security tools on Linux & Termux; an authorization-gated MCP server picks tools and runs them with you — companion by default, an autonomous solver when you ask. Modular bash installer (18 modules, 14 profiles) + 870+ Claude Code skills for AI-assisted ethical hacking: CTF, pentest, bug bounty, DFIR, red & blue team.

Lakera Gandalf AI challenge's step by step walkthrough, showcasing real-world prompt injection techniques and LLM security insights.

A real-world look at how hidden instructions in profiles and emails trick AI into unexpected outputs, revealing the subtle risks of indirect prompt injection.

Weaponizing LLM prompt injection to hijack user deletion logic — an offensive deep dive into excessive agency abuse.

Mergen is an MCP server that gives your AI a real red team brain. It doesn't just run tools, it picks the right ones, chains them together, and actually makes sense of the output. Built by pentesters, for pentesters who are tired of babysitting scripts.

The definitive guide to AI-powered offensive security, exploring advanced tactics in AI-driven phishing, malware development, botnet orchestration, and autonomous network exploitation. A comprehensive resource for ethical hackers, security researchers, and red teamers.

🐻 BearStrike AI: High-Signal Pentesting Console (MCP-First, Model-Agnostic). Build fast, low-noise security workflows with queue-first execution, skills-aware planning, and 150+ integrated tools.

Comprehensive red team methodology for Web LLM attacks, topics: llm-security, prompt-injection, web-security, red-teaming, owasp, agentic-ai

🤖 Build advanced AI agents with a collection of production-ready applications using modern frameworks for single and multi-agent systems.

Unleash the dark art of cybersecurity with KuyHack, a Python-based beast wielding AI-driven brute force to shatter KuySocial accounts. Its sinister login manipulation evades detection, striking fear into servers. For ethical hacking only—wield this power responsibly.