Shannon Lite is an autonomous, white-box AI pentester for web applications and APIs. It analyzes your source code, identifies attack vectors, and executes real exploits to prove vulnerabilities before they reach production.

This repository contains all the examples related to a series of tutorials that demonstrate how to use the new Montoya API of Burp Suite to create extensions that will greatly simplify our pentester lives.

Black SMS is an android SMS spyware. Black SMS uses Telegram API to forward victim's incoming SMS to the pentester via Telegram group or channel. To use Black SMS, please read the documentation carefully.

Your agentic API security engineer. Built by the community, for builders who care about security but don't have unlimited time or budget. Point it at your API docs it hunts down the deep vulnerabilities that actually get you breached.

Attempts to suspend all known AV/EDRs processes on Windows using syscalls and the undocumented NtSuspendProcess API. Made with <3 for pentesters. Written in Rust.

Webarchive is a Go package for pentesters and developers to interacting with the Wayback Machine's CDX API and integrate web archive utilities into your Golang projects.

Web Fuzzer & Vulnerability Scanner for Penetration Testing & Bug Bounty. ffuf/gobuster alternative with 200+ features: WAF Bypass, API Fuzzing (REST/GraphQL/WebSocket), CAPTCHA Detection, Directory Bruteforce, Subdomain Enumeration, Security Testing, CORS/XSS/SQLi scanning. Fast (162 req/sec), Rust-powered. For pentesters & security researchers 🔐

🚀 Pipeline automatizado para enumeração massiva de subdomínios — Subfinder + AssetFinder + AmassEnum + Findomain + Cert.sh + HTTPX. Docker, wordlists e APIs integradas. Feito para Pentesters e Bug Bounty Hunters.

strumento avanzato di intelligence su fonti aperte (OSINT) progettato per professionisti della sicurezza, ricercatori e pentester. Offre analisi complete di domini, indirizzi IP, email e username con integrazioni multiple API.

Map API endpoints from OpenAPI, probe no-auth vs. authenticated access (RBAC matrix), and generate HTML findings — with strict scope safety, pacing, and evidence redaction. Read-only recon for pentesters and bug bounty hunters

Uma API feita pra criaçao de malware para hackers eticos e pentesters

Passive web security reconnaissance platform. Detects exposed API keys, tokens, configs, and tech stack for pentesters

Kal-droid is free, fast, lightweight, and simple android emulator for pentester and aslo normal usage . its support latest android apis.

PentestGPT is a fully autonomous AI pentester for web apps and APIs. 96.15% (100/104 exploits) on a hint-free, source-aware variant of the XBOW benchmark.

This dataset catalogs common API misconfiguration vulnerabilities across various API types, including REST, GraphQL, SOAP, gRPC, WebSocket, and others. Each entry details a specific security issue, its associated risks, impacts, and recommended mitigations, serving as a valuable resource for security researchers, developers, and pentesters.

Ophidian is a new project of mine. Intended to manifest at least initially as a Discord & Slack bot, it will serve as an all-in-one tool for pentesters, threat hunters, and IR specialists alike. The feature list is incomplete at this point as it's more of an idea than anything else, but I intend to integrate it with several APIs such as MetaDefender, VirusTotal, any.run and more to provide a quick and easy threat lookup, as well as easy access to open source database searches such as exploitdb and such. A more detailed description and initial code will be added as I get time to work on the project.

No description available

Pen-test API which can be used by any IoT Platform to test edge devices.

No description available

An API to be consumed by pentesters

Building a local APi testing client for pentesters

Shannon AI Pentester - Works with Claude Code Max/Pro OAuth (no API key needed)

X-PENTESTER is a comprehensive automated penetration testing framework for web applications and APIs.

Fast api application for pentester to share their pocs with their client it in a secure way

Multifunctional Telegram bot for developers, pentesters, and sysadmins. Automate diagnostics, security checks, and API testing — all from Telegram.

A hands-on API security training platform for bug bounty hunters, pentesters, and developers. Practice real-world API vulnerabilities in a safe, local environment.

Dapper helps security teams test web apps and APIs like a pentester would: analyze the code, exercise the live app, validate exploitability, and return actionable findings.

Shannon Lite is a fully autonomous AI pentester for web apps and APIs. 96.15% (100/104 exploits) on a hint-free, source-aware variant of the XBOW benchmark.

Modular Recon & Cracking Framework Turn reconnaissance data into actionable exploits with automated pipelines and a user-friendly Flask Web UI. Ideal for pentesters leveraging APIs (Shodan, Censys, Hunter.io, HIBP) and integrating Hashcat.

KeyHunt adalah tool sederhana untuk mendeteksi API key atau token sensitif yang tersembunyi di dalam file JavaScript. Tool ini dirancang untuk membantu bug hunter, pentester, dan security researcher menemukan kemungkinan kebocoran kredensial secara cepat dan efisien.