Sandboxed devcontainer for running Claude Code in bypass mode safely. Built for security audits and untrusted code review.

Automatic Exploit Generation with LLMs

DeepAudit：人人拥有的 AI 黑客战队，让漏洞挖掘触手可及。国内首个开源的代码漏洞挖掘多智能体系统。小白一键部署运行，自主协作审计 + 自动化沙箱 PoC 验证。支持 Ollama 私有部署 ，一键生成报告。支持中转站。​让安全不再昂贵，让审计不再复杂。

微舆：人人可用的多Agent舆情分析助手，打破信息茧房，还原舆情原貌，预测未来走向，辅助决策！从0实现，不依赖任何框架。

Diagram as Code Tool Written in Rust with Draggable Editing

AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of s…

The most complete code auditing platform with thousands of real-world challenges

XBOW Validation Benchmarks

YuraScanner

ARVO: an Atlas of Reproducible Vulnerabilities in Open source software.

CVE-Bench: A Benchmark for AI Agents’ Ability to Exploit Real-World Web Application Vulnerabilities

Produce code coverage reports for AFL++ fuzzing campaigns with source code or in binary-only mode

Open-Source Chrome extension for AI-powered web automation. Run multi-agent workflows using your own LLM API key. Alternative to OpenAI Operator.

https://arxiv.org/abs/2412.02776

WinVisor - A hypervisor-based emulator for Windows x64 user-mode executables using Windows Hypervisor Platform API

Paper and implementation of "SAND: Decoupling Sanitization from Fuzzing for Low Overhead"

Static binary instrumentation for windows kernel drivers, to use with winafl

CTF平台 支持docker 动态部署题目、分数统计、作弊检测，静态题目，漏洞复现,ctf platform,

Loki - Simple IOC and YARA Scanner

Coverage-guided Fuzzing as Online Stochastic Control

SWE-agent takes a GitHub issue and tries to automatically fix it, using your LM of choice. It can also be employed for offensive cybersecurity or competitive coding challenges. [NeurIPS 2024]

A patched QEMU that exposes an interface for LibAFL-based fuzzers

Only included Word, Excel, PowerPoint.

Morion is a PoC tool to experiment with symbolic execution on real-word (ARMv7) binaries.

XBOW Validation Benchmarks

A TCP/UDP based network daemon fuzzer

A prototype of Shared-keywords aware Taint Checking, a novel static analysis approach that tracks the data flow of the user input between front-end and back-end to precisely detect security vulnera…