> cat /dev/github | grep security-tools

JavaScript

adbwebkit

2026-03-30 JavaScript ★ 720

AI Summary: ADB WebKit is a browser-based tool designed for managing Android devices via ADB (Android Debug Bridge) with an intuitive user interface. Its primary use case includes functionalities like application management (installing, uninstalling, granting permissions), shell access, screen capture, and device control commands, making it a comprehensive solution for developers and testers. Notable features include support for live application management, real-time screen interactions, and various device control options, all accessible through a USB connection or IP address.

aleph

2026-03-30 JavaScript ★ 2337

AI Summary: Aleph is an open-source tool designed for indexing and searching large volumes of documents and structured data, primarily aimed at facilitating investigative reporting. Its notable features include the ability to cross-reference entities against various watchlists, enhancing the efficiency of data analysis for reporters and organizations engaged in investigative work. As of December 2025, the project is transitioning to a new platform, Aleph Pro, with support for the current version continuing until that date.

appmon

2026-03-30 JavaScript ★ 1619

AI Summary: AppMon is an automated framework designed for monitoring and tampering with system API calls in native macOS, iOS, and Android applications, leveraging the capabilities of Frida. Its primary use case includes intercepting API calls to analyze app behavior and manipulating these calls to alter the original application functionalities. Notable features encompass an API sniffer, an intruder for data manipulation, an Android tracer for analyzing APKs, and tools for creating inspectable IPAs and APKs on non-jailbroken and non-rooted devices respectively.

archerysec

2026-03-30 JavaScript ★ 2448

AI Summary: ArcherySec is an open-source vulnerability assessment and management tool designed to integrate with CI/CD pipelines, allowing for automated security testing based on scan results. It utilizes popular open-source scanning tools to perform comprehensive web and network vulnerability assessments, while also providing features for vulnerability prioritization, management, and collaboration of scan data. Key functionalities include integration with REST APIs for developers, authenticated web scanning, and support for various third-party tools like OpenVAS and OWASP ZAP.

Baileys

2026-03-30 JavaScript ★ 8776

AI Summary: Baileys is a WebSockets-based TypeScript library designed for direct interaction with the WhatsApp Web API, eliminating the need for Selenium or any browser, thus optimizing memory usage. It supports both the multi-device and web versions of WhatsApp, allowing developers to efficiently implement messaging functionalities. Notable features include a simplified interface for interaction and removal of browser dependencies, reducing resource overhead.


README

Baileys is a WebSockets-based TypeScript library for interacting with the WhatsApp Web API.

[!CAUTION] NOTICE OF BREAKING CHANGE.

CaptfEncoder

2026-03-30 JavaScript ★ 1283

AI Summary: CaptfEncoder is an open-source, cross-platform network security tool suite designed for code conversion, cryptography, and a variety of online query tools. It features a wide range of encoding methods, classical ciphers, and modern cryptographic algorithms, enabling users to perform tasks such as data encoding, encryption, and security analysis efficiently. The tool is built in Rust for enhanced performance and supports a variety of operating systems including Windows, Linux, and macOS.

Crucix

2026-03-30 JavaScript ★ 7470

AI Summary: Crucix is an open-source intelligence tool that aggregates real-time data from 27 diverse sources—including satellite fire detection, flight tracking, and economic indicators—into a single, self-hosted dashboard updated every 15 minutes. Its primary use case is to provide researchers, journalists, and analysts with accessible, cross-correlated insights without relying on cloud services or subscriptions. Notable features include integration with LLMs for two-way interaction, customizable alerts via Telegram and Discord, and a user-friendly interface that simplifies monitoring complex global events.

debundle

2026-03-30 JavaScript ★ 739

AI Summary: Debundle is a tool designed to unpack JavaScript bundles generated by Webpack and Browserify, facilitating reverse engineering and analysis by converting minified code back into a more readable file structure. Notably, it allows users to specify configuration options for various bundling types and outputs organized directories containing the original modules, though it does not guarantee a lossless recovery of the original source code. The project is no longer maintained, and users are advised to exercise caution as it may not perform reliably on all real-world bundles.

dembrandt

2026-03-30 JavaScript ★ 1579

AI Summary: Dembrandt is a command-line tool designed to extract design systems from any website into structured design tokens, including elements such as colors, typography, and components. Its notable features include the ability to generate a brand guide PDF, output data in W3C Design Tokens format, and support for various browser configurations to bypass bot protection on target sites. The tool is easily installed via npm and offers a range of options for customization and output format.

dexcalibur

2026-03-30 JavaScript ★ 1124

AI Summary: Dexcalibur is an advanced Android reverse engineering platform that focuses on automating dynamic instrumentation for improved analysis. Its notable features include the ability to decompile and disassemble intercepted bytecode at runtime, manage multiple hooks, and perform static analysis with its built-in engine capable of executing smali code. This tool is designed to streamline the tedious tasks associated with dynamic analysis, making it essential for security researchers and developers.

domloggerpp

2026-03-30 JavaScript ★ 783

AI Summary: DOMLoggerpp is a browser extension designed for monitoring, intercepting, and debugging JavaScript sinks through customizable configurations. It features regex-based domain management, flexible hooking options, on-demand debugging breakpoints, a dynamic notification system, and an integrated Devtools log panel for enhanced log management and filtering. This tool is especially useful for developers and security professionals looking to analyze and debug JavaScript execution flows within web applications.


README


A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations.

dotenv

2026-03-30 JavaScript ★ 20348

AI Summary: Dotenv is a lightweight Node.js module that simplifies the management of environment variables by loading them from a .env file into process.env. Its primary use case is to separate application configuration from code, following best practices as outlined in The Twelve-Factor App methodology. Notable features include support for multiline values, custom path configuration, and the ability to preload the module without explicit imports in application code.


README

dotenv

Dotenv is a zero-dependency module that loads environment variables from a .env file into process.env. Storing configuration in the environment separate from code is based on The Twelve-Factor App methodology.

dotenvx

2026-03-30 JavaScript ★ 5262

AI Summary: Dotenvx is a secure dotenv tool that allows developers to manage environment variables across multiple platforms and programming languages. Its primary use case is to enhance the safety and flexibility of environment variable handling by providing support for encrypted environment files and easy integration into existing applications. Notable features include cross-platform compatibility, multi-environment management, and straightforward installation options via various package managers and direct execution methods.


README

dotenvx

ethereum-lists

2026-03-30 JavaScript ★ 713

AI Summary: Ethereum-lists is a collaborative repository that maintains and updates lists of malicious URLs, fake token addresses, Ethereum addresses, and contract details, facilitating community contributions through pull requests. Its primary use case is to serve as a resource for users to identify and avoid phishing attempts and fraudulent tokens within the Ethereum ecosystem. Notable features include an easily accessible structure for submitting changes and clear guidelines for contributions, promoting community involvement in enhancing security awareness.

frida-ios-dump

2026-03-30 JavaScript ★ 3824

AI Summary: frida-ios-dump is a tool designed for extracting decrypted IPA files from jailbroken iOS devices. The primary use case involves leveraging Frida to automate the process of dumping application binaries, making it particularly useful for security researchers and developers analyzing iOS applications. Notable features include support for both Python 2.x and 3.x, as well as a straightforward command-line interface for initiating the dump process with either the display name or bundle identifier of the target app.

frida-ios-hook

2026-03-30 JavaScript ★ 1143

AI Summary: Frida iOS Hook is a Python-based tool designed for dynamic analysis and function hooking of iOS applications through Frida. Its primary use case involves tracing classes and functions, modifying method return values, and providing a suite of commands for process manipulation, memory dumping, and API interception. Notable features include support for both spawn and attach modes, an interactive CLI, and extensive options for script execution and device management.

frida-scripts

2026-03-30 JavaScript ★ 1580

AI Summary: The frida-scripts repository provides a collection of instrumentation scripts designed for reverse engineering applications on iOS, Android, and Linux platforms using the Frida tool. Key features include full-featured tracers and enumerators for Objective-C, Java, and Linux binaries, enabling deep analysis and manipulation of app behaviors. The scripts may require customization and are suitable for advanced users involved in mobile and software security research.


README

frida-scripts

A collection of my Frida.re instrumentation scripts to facilitate reverse engineering of mobile apps and more.

HackVault

2026-03-30 JavaScript ★ 2023

AI Summary: HackVault is a container repository designed for both defensive and offensive hacking tools. Its primary use case is to centralize and share various hacking utilities, which are intended to be continuously updated with new content over time. Notable features include a structured Wiki section for detailed information and ongoing additions to its arsenal of tools.


README

HackVault

This is a container repository for my defensive/offensive hacks. Go check the Wiki section for more information! Ideally, it’d be continually updated with new interesting stuff over time!

infoooze

2026-03-30 JavaScript ★ 993

AI Summary: Infoooze is an OSINT tool designed for efficient information gathering on targets such as websites, IP addresses, and usernames through a command-line interface. Notable features include various reconnaissance capabilities like subdomain scanning, Whois lookups, and automatic results saving to text files, facilitating streamlined data collection. Additionally, it supports multiple operating systems, including Linux, Windows, and Termux.


README


Infoooze

About Infoooze

Infoooze is a powerful and user-friendly OSINT (Open-Source Intelligence) tool that allows you to quickly and easily gather information about a specific target. With Infoooze, you can easily search for information about websites, IP addresses, usernames, and more, all from the convenience of a simple command-line interface.

npq

2026-03-30 JavaScript ★ 1561

AI Summary: npq is a tool designed to audit npm packages prior to installation, enhancing security during the package management process. It performs multiple checks, including vulnerability assessments using the Snyk database, package age, popularity metrics, and the presence of essential documentation files. Notable features include an auto-continue mode after warnings and customizable settings for strict security reviews.


README

npq allows you to audit npm packages before you install them

OSINT-Framework

2026-03-30 JavaScript ★ 11125

AI Summary: The OSINT Framework is a comprehensive resource designed to assist users in gathering information from free online sources for open-source intelligence (OSINT) applications. Its primary use case is to facilitate the discovery of various tools and resources that aid in information security and beyond, while notable features include a structured categorization of tools, some requiring local installation, and links to Google Dorking resources. The framework encourages community contributions for expanding its database of OSINT resources.

pikachu-volleyball

2026-03-30 JavaScript ★ 1051

AI Summary: Pikachu Volleyball is a reimplementation of a classic 1997 Windows game, now developed in JavaScript for web play. Its primary use case is to provide a nostalgic gaming experience by enabling users to play volleyball with Pikachu characters while utilizing a physics engine and AI derived from reverse-engineered original machine code. Notable features include a customizable local server setup for gameplay and an extended AI vs. AI match time, allowing for continuous observation of the computer-controlled players.

reconmap

2026-03-30 JavaScript ★ 919

AI Summary: Reconmap is an open-source penetration testing management and automation platform that aids security professionals throughout the engagement lifecycle by efficiently planning, executing, and reporting on security assessments. Its notable features include real-time execution and scheduling of security commands, automated output capture, vulnerability tracking, and the generation of professional reports in multiple formats, all aimed at streamlining workflows and enhancing collaboration among InfoSec teams.


README

Reconmap

reverse-linear-sync-engine

2026-03-30 JavaScript ★ 1925

AI Summary: The “Reverse Engineering Linear’s Sync Engine” project provides an in-depth analysis of Linear’s Sync Engine (LSE), aimed at enhancing collaborative software applications through an intuitive and efficient synchronization solution. Its primary use case is to support real-time collaboration by managing edits while offering critical features like partial syncing, permission controls, and offline availability, all wrapped in a developer-friendly API. The project emphasizes the balance of complexity and usability, highlighting LSE’s adaptability for various data models without requiring extensive expertise in sync technologies.

RMS-Runtime-Mobile-Security

2026-03-30 JavaScript ★ 2990

AI Summary: Runtime Mobile Security (RMS) is a web-based interface that leverages FRIDA to facilitate real-time manipulation of Android and iOS applications. Its primary use case includes dumping loaded classes and methods, hooking functionality on-the-fly, and tracing method arguments and return values. Notable features encompass the ability to load custom scripts and comprehensive support for both Android and iOS platforms, making it a versatile tool for mobile security analysis and testing.

shhgit

2026-03-30 JavaScript ★ 3950

AI Summary: shhgit is a tool designed to enhance the security of development teams by identifying leaked secrets in code repositories, such as API tokens and private keys, before they can be exploited by malicious actors. It operates either by scanning public repositories via APIs of GitHub, GitLab, and BitBucket or processing local directories, and features a customizable search capability along with options for CSV reporting and entropy-based analysis. Notably, the tool is flexible for both cloud and local deployments, making it suitable for integration into CI/CD pipelines.

social-analyzer

2026-03-30 JavaScript ★ 22346

AI Summary: Social Analyzer is an OSINT tool designed to analyze and locate a person’s profiles across over 1000 social media platforms via an API, CLI, or web application. Its primary use case includes investigating potential malicious activities like cyberbullying and misinformation dissemination through sophisticated detection modules that yield a confidence rating. Notable features include multi-profile searches, various detection techniques (such as OCR and advanced algorithms), and customizable queries for enhanced data extraction and analysis.

SteamTracking

2026-03-30 JavaScript ★ 1034

AI Summary: SteamTracking is a tool designed to automate the monitoring of various metrics associated with Steam accounts and game performance. Its primary use case is to streamline the process of tracking gameplay statistics and trends, reducing the manual effort required for users. Notable features include automated data collection and user-friendly insights into gaming habits.


README

Steam Tracking

Tracking things, so you don’t have to.

stegcloak

2026-03-30 JavaScript ★ 3773

AI Summary: StegCloak is a JavaScript steganography module that conceals secrets within text by using invisible Unicode characters after compressing and encrypting the data. It is designed for covert communication, allowing users to safely embed strings in various platforms while ensuring cryptographic security through AES-256-CTR encryption and HMAC integrity checks. Key features include high-speed processing, support for hiding file links, and a flexible interface available via API, command-line, and web interface.

SwiftnessX

2026-03-30 JavaScript ★ 916

AI Summary: SwiftnessX is a cross-platform note-taking and target-tracking application designed specifically for penetration testers, built on the ElectronJS framework. It features customizable checklists, including the OWASP Testing Checklist, and allows users to import/export their checklists, enhancing organized documentation throughout the penetration testing process. The tool aims to streamline the workflow for security professionals by providing a unified interface for managing testing notes and methodologies.


README


Swiftness
SwiftnessX v0.2

Watcher

2026-03-30 JavaScript ★ 1259

AI Summary: Watcher is an AI-powered automated cybersecurity threat detection platform built on Django and React JS, enabling organizations to proactively identify and monitor emerging cybersecurity threats. Its primary use case includes automated intelligence analysis, real-time alerts for trending cybersecurity topics, and comprehensive domain management to combat potential cyber threats. Notable features encompass information leak monitoring, malicious domain surveillance, and integration with external threat intelligence sources for enhanced situational awareness.

WebPlotDigitizer

2026-03-30 JavaScript ★ 3036

AI Summary: WebPlotDigitizer is a computer vision-assisted tool designed to extract numerical data from images of data visualizations, facilitating data retrieval for researchers and professionals across various fields. Its primary use case is converting graphical data representations, such as plots and charts, into usable datasets. Notable features include a user-friendly interface and cloud-based AI support for enhanced data extraction capabilities.


README

WebPlotDigitizer

A large quantity of useful data is locked away in images of data visualizations. WebPlotDigitizer is a computer vision assisted software that helps extract numerical data from images of a variety of data visualizations.

xssor2

2026-03-30 JavaScript ★ 2209

AI Summary: XSS’OR is a versatile tool designed for exploiting cross-site scripting (XSS) vulnerabilities through JavaScript-based payloads. Its primary use case involves encoding, decoding, and probing potential attack vectors, making it applicable for security testing and penetration testing scenarios. Notable features include a web interface for payload manipulation, compatibility with both Python 2 and 3, and robust support for Docker deployment.


README

XSS’OR

XSS’OR - Hack with JavaScript.

ONLINE

You can have a try: