Open-source offensive security & AI tooling
Building weird, powerful, self-hostable tools for hackers, defenders, researchers & curious humans.
| Tool | Description |
|---|---|
| StingXSS | Context-aware XSS scanner: reflected, DOM-based, stored, and browser-confirmed XSS, with WAF detection and evasion |
| BreachSQL | Fast SQL injection scanner with built-in exploitation: detect and extract in one command, across all major database backends, with WAF evasion baked in. No Java and no paid license to manage; it drops into a Python pipeline. |
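What "context-aware" means for a scanner like StingXSS comes down to one question: where in the response does the input land, and which characters must be reflected unencoded for a payload to break out of that position? The following is an added illustration of that triage and is not StingXSS's or commonhuman's code. It reflects a canary, classifies each landing position with small state machines (HTML text, quoted or unquoted attribute value, attribute-name position, JavaScript string, JavaScript code, comment), derives the breakout characters for that position, and then checks whether those characters come back raw. The canary value, the context names and the stand-in target apps are constructed for the example.

```python
"""Context-aware reflection triage: an added example of the idea behind a
context-aware XSS scanner. Not StingXSS or commonhuman code."""
import html
import re
from dataclasses import dataclass

# Constructed canary: unlikely to occur naturally, safe to search for verbatim.
CANARY = "zq9k7xq"


@dataclass
class Reflection:
    offset: int
    context: str   # html_text | attr_quoted | attr_unquoted | tag_name | script_string | script_code | comment
    quote: str     # delimiter of the attribute value or JS string the canary sits in, else ""


def _js_string_state(js: str) -> str:
    """Delimiter of the JS string literal still open at the end of `js`, or ''.
    Ignores JS comments and regex literals; a real scanner needs a tokenizer."""
    quote = ""
    i = 0
    while i < len(js):
        c = js[i]
        if quote:
            if c == "\\":
                i += 1          # skip the escaped character
            elif c == quote:
                quote = ""
        elif c in "\"'`":
            quote = c
        i += 1
    return quote


def _tag_context(tag_text: str) -> tuple[str, str]:
    """Where inside an open tag (the text after '<') does the canary land?"""
    state, quote = "name", ""
    for c in tag_text:
        if state == "name" and c == "=":
            state = "eq"
        elif state == "eq":
            if c in "\"'":
                state, quote = "quoted", c
            elif not c.isspace():
                state = "unquoted"
        elif state == "quoted" and c == quote:
            state, quote = "name", ""
        elif state == "unquoted" and c.isspace():
            state = "name"
    if state == "quoted":
        return "attr_quoted", quote
    if state in ("eq", "unquoted"):
        return "attr_unquoted", ""
    return "tag_name", ""


def _context_at(before: str) -> tuple[str, str]:
    """Classify the position right after `before` (everything preceding the canary)."""
    low = before.lower()
    if low.rfind("<!--") > low.rfind("-->"):          # unclosed HTML comment
        return "comment", ""
    s_open = low.rfind("<script")
    if s_open > low.rfind("</script"):                # unclosed <script ...>
        gt = before.find(">", s_open)
        if gt == -1:                                  # still inside the <script> tag itself
            return _tag_context(before[s_open + 1:])
        quote = _js_string_state(before[gt + 1:])
        return ("script_string", quote) if quote else ("script_code", "")
    if before.rfind("<") > before.rfind(">"):         # unclosed tag
        return _tag_context(before[before.rfind("<") + 1:])
    return "html_text", ""


def classify_reflections(body: str, canary: str = CANARY) -> list[Reflection]:
    return [Reflection(m.start(), *_context_at(body[:m.start()]))
            for m in re.finditer(re.escape(canary), body)]


def breakout_chars(r: Reflection) -> str:
    """Characters that must be reflected unencoded to escape this context."""
    return {
        "html_text": "<>",          # open a new tag
        "attr_quoted": r.quote,     # close the value, then add an event-handler attribute
        "attr_unquoted": " ",       # whitespace ends the value
        "tag_name": "=",            # already at attribute-name position: onfoo=...
        "script_string": r.quote,   # close the string, then append code
        "script_code": "",          # already executable code, nothing to escape
        "comment": "-->",
    }[r.context]


def scan(app) -> list[tuple[str, str, bool]]:
    """Two requests: learn each landing context from the canary, then check whether
    that context's breakout characters survive the app's encoding unchanged."""
    findings = []
    for r in classify_reflections(app(CANARY)):
        chars = breakout_chars(r)
        probe = CANARY + chars
        survived = probe in app(probe)     # raw reflection of the breakout sequence
        findings.append((r.context, chars, survived))
    return findings


# Constructed stand-ins for a target; each returns the response body for one parameter value.
def app_text_raw(v):       return f"<p>Results for {v}</p>"
def app_attr_escaped(v):   return f'<input name="q" value="{html.escape(v, quote=True)}">'
def app_attr_unquoted(v):  return f"<input name=q value={v}>"
def app_script_raw(v):     return f"<script>var q = '{v}';</script>"
def app_script_escaped(v): return "<script>var q = '" + v.replace("\\", "\\\\").replace("'", "\\'") + "';</script>"


if __name__ == "__main__":
    for app in (app_text_raw, app_attr_escaped, app_attr_unquoted, app_script_raw, app_script_escaped):
        print(f"{app.__name__:20} {scan(app)}")
```

The point of the second request is that HTML-escaping the `"` in a quoted attribute is enough, but the same escaping does nothing for a value landing inside a JavaScript string, where the app has to escape `'` (and the backslash) instead; the scan reports `attr_escaped` as safe and `script_raw` as breakable for that reason. The classifier is deliberately minimal: a `>` inside a quoted attribute value, RCDATA elements such as `<textarea>`, and JS comments or regex literals will fool it, which is exactly the kind of case a production scanner has to handle with a real tokenizer.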
```bash
pip install stingxss breachsql
```
| Tool | Description |
|---|---|
| NyxStrike | AI-powered offensive security orchestration: connects LLM agents to real tools and runs full attack chains from recon to exploitation |
| OctoRig | Docker lab launcher: spins up intentionally vulnerable environments for tool testing and practice with a single command |
| Package | Description |
|---|---|
| commonhuman-core | Shared HTTP engine and web crawler: session management, injection helpers, BFS crawling, and passive recon primitives |
| commonhuman-payloads | Shared payload collections, encoders, and WAF signatures |
| commonhuman-cli | Shared CLI argument handling and output formatting |
Why?
Because security tooling should be:
- Transparent
- Self-hostable
- Fast
- Experimental
- Actually fun to use
All tools are licensed under AGPLv3.


