Browse the newest offensive security tools, platforms, and services recently added to HackDB.
Xygeni is an AI-powered ASPM platform that secures the software supply chain by detecting malware, secrets, and vulnerabilities across CI/CD pipelines.
KittySploit is a modular exploitation framework featuring a web proxy and AI-powered analysis to help red teams automate recon and vulnerability research.
The OWASP AI Testing Guide provides a framework for assessing AI security, covering adversarial robustness, data poisoning, and privacy for AI systems.
Titus is a high-performance secrets scanner that detects and validates leaked credentials in code, binaries, and HTTP traffic for offensive engagements.
Webhook.site allows red teams to capture and inspect HTTP requests in real time. It is essential for testing blind OOB vulnerabilities and exfiltration.
ShipSec Studio is an open-source security platform for red teams to build visual workflows for tool orchestration, recon, and vulnerability scanning.
Julius is an open-source LLM service fingerprinting tool that identifies Ollama, vLLM, LiteLLM, and 30+ other AI services running on network endpoints.
MCPHammer is a security assessment tool for the Model Context Protocol. It helps red teams test LLM integrations for prompt injection and data leakage.
Brutus by Praetorian is a CI/CD security tool that automates the discovery of vulnerabilities in build pipelines for red teams and security engineers.
Hunt for AI coding artifacts containing secrets by scanning public GitHub repositories for leaked credentials in AI coding tool configuration files.
See-SURF is an AI-powered security tool designed to find and validate potential Server Side Request Forgery (SSRF) parameters in web applications.
Automated Pass-the-Ticket (PtT) attack. Standalone alternative to Rubeus and Mimikatz for this attack, implemented in C++ and Python.