Starred repositories
Trail of Bits Claude Code skills for security research, vulnerability detection, and audit workflows
Collection of extracted System Prompts from popular chatbots like ChatGPT, Claude & Gemini
AI-powered workflow automation and AI Agents platform for AppSec, Fuzzing & Offensive Security. Automate vulnerability discovery with intelligent fuzzing, AI-driven analysis, and a marketplace of s…
GitHub Attack Toolkit - Extreme Edition - A static analysis and exploit toolkit for GitHub Actions.
Open source security data lake for threat hunting, detection & response, and cybersecurity analytics at petabyte scale on AWS
Various tips & tricks
Generate Multi-Account IAM users/groups/roles/policies from a simple YAML configuration file and Jinja2 templates.
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.
🔎 Static code analysis engine to find security issues in code.
This terraform provider can be used to get remote code execution by injecting a dummy resource in a writeable state file.
Open source templates you can use to bootstrap your security programs
This repository contains various attacks against Large Language Models.
Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Back up a GitHub user or organization
Interactive Terraform visualization. State and configuration explorer.
Terravision creates Professional Cloud Architecture Diagrams from your Terraform code automatically. Supports AWS, Google and Azure.
Docker goof version of breaking into a container
⬆️ ☠️ 🔥 Automatic Linux privesc via exploitation of low-hanging fruit e.g. gtfobins, pwnkit, dirty pipe, +w docker.sock
Python Command-Line Ghidra Binary Diffing Engine
A web server designed to shut off on command to exploit DNS rebinding in Chromium-based browsers
A DNS server that can be used to delay A and AAAA responses to help exploit DNS rebinding in Safari
MetaHub is an automated contextual security findings enrichment and impact evaluation tool for vulnerability management.
Enable code scanning and secure your code with CodeQL.


