Search Packages

sqlmap

Automatic SQL injection and database takeover tool

fray

Open-source WAF Security Testing Platform — 7,200+ attack payloads, 98 WAF/CDN fingerprints, AI-powered bypass engine, recon pipeline, beautiful CLI output

phantom-agent

Autonomous Offensive Security Intelligence AI-powered multi-agent penetration testing

medusa-security

AI-first security scanner with 76 analyzers, 9,600+ detection rules, and repo poisoning detection for AI/ML, LLM agents, and MCP servers. Scan any GitHub repo with: medusa scan --git user/repo

ptai

The most autonomous pentesting AI on the market. MCP server + Python agents with 150+ security tools, exploit chaining, and PoC validation.

agentseal

Security toolkit for AI agents. Scan your machine for dangerous skills and MCP configs, monitor for supply chain attacks, test prompt injection resistance, and audit live MCP servers for tool poisoning.

wordfence

Wordfence malware and vulnerability scanner command line utility.

quodeq

AI-powered code quality and security scanner. Open source, MIT, runs locally. <🧭>

selvo

Linux dependency blast-radius ranker — surfaces highest-value CVE patch opportunities

mcp-audit-scanner

Security scanner for MCP (Model Context Protocol) server configurations. Detects prompt injection, credential exposure, supply chain risks, and more.

reconninja

⚡ ReconNinja v8.2.1 — 38-phase recon framework for pentesters & bug bounty hunters. Subdomain enum → port scan → web recon → WAF/CORS/JS/cloud bucket detection → GitHub OSINT → CVE lookup → AI threat analysis → HTML report. Domains, IPs, CIDRs, target lists. Plugin system. 598 tests.

securescan

Security scanning without the SaaS tax. Multi-scanner orchestration, baseline diffing, SBOM + SARIF, signed everything — runs in your terminal, your CI, or a dashboard you own.

cloud-audit

Fast, opinionated AWS security scanner. Curated checks. Zero noise. Copy-paste fixes.

numasec

AI agent for penetration testing. Like Claude Code, but for security. Open source, MCP-native, works with any LLM.

agent-audit

Static security scanner for LLM agents — prompt injection, MCP config auditing, taint analysis. 49 rules mapped to OWASP Agentic Top 10 (2026). Works with LangChain, CrewAI, AutoGen.

contractscan-mcp

ContractScan MCP Server — multi-engine Solidity vulnerability scanner for LLM agents

nodriver-proxy-mcp

Unified MCP Server for Web Security — 39 tools for autonomous pentesting

wshawk

Open source toolkit for WebSocket security testing, web application penetration testing, and stateful attack validation. It combines a CLI scanner, web dashboard, Electron desktop app, browser companion, and project-backed workflows for authorized security assessments.

vulnhawk

AI-powered code security scanner that finds vulnerabilities Semgrep and CodeQL miss

nettacker

Automates information gathering, vulnerability scanning and aids penetration testing engagements in general

basilisk-ai

Basilisk — Open-source AI red teaming framework with genetic prompt evolution. Automated LLM security testing for GPT-4, Claude, Grok, Gemini. OWASP LLM Top 10 coverage. 32 attack modules.

vaultbreaker

Minecraft server vulnerability scanner with local AI risk scoring and HTML reports

commi3

Commi3 is an Automated Commando Line Tool (ACLT) that can be used from web developers and so on.

osv-lib

Python library for calling OSV (https://osv.dev/)