Compare middleBrick to these popular alternatives based on real-world usage and developer feedback.

It is a free, open-source penetration testing tool. It is designed specifically for testing web applications and is both flexible and extensible.

BitResurrector v3.0 is a high-performance suite for recovering lost Bitcoin private keys. It leverages extreme GPU acceleration, AVX-512 parallelism, and cryptographic optimizations like Montgomery REDC. Built for "Digital Archaeology," it specializes in auditing historical PRNG weaknesses and statistical anomalies in early blockchain assets.

An open-source security tool for testing a data center's resiliency to perimeter breaches and internal server infection. The Monkey uses various methods to self-propagate across a data center and reports success to a centralized Monkey Island server.

It is a penetration testing tool empowered by ChatGPT. It is designed to automate the penetration testing process. It is built on top of ChatGPT and operates in an interactive mode to guide penetration testers in both overall progress and specific operations.

It is a compliance-focused pentesting-as-a-service platform. It allows companies to easily schedule and manage penetration tests, designed for both compliance and security enhancement.

It is a comprehensive tool designed to fortify the security of Large Language Models (LLMs). By offering sanitization, detection of harmful language, prevention of data leakage, and resistance against prompt injection attacks, it ensures that your interactions with LLMs remain safe and secure.

Waxell is the AI governance plane for agentic systems in production. It sits above agents, models, and integrations, enforcing constraints and defining what's allowed. Auto-instrumentation for 200+ libraries without code changes. Real-time tracing, token and cost tracking, and 11 categories of agentic governance policy enforcement.

ZeroThreat.ai is an AI-powered web application and API pentesting platform designed to identify real, exploitable vulnerabilities—not just surface-level findings. Built for modern engineering teams, it combines Agentic AI pentesting with a high-performance scanning engine to deliver up to 10× faster, deeply validated security testing. Unlike traditional DAST tools that rely on static signatures and generate excessive noise, ZeroThreat.ai executes adaptive, attacker-style workflows that evolve based on application behavior. Its interpreter-driven vulnerability intelligence continuously ingests emerging threats and newly disclosed CVEs, enabling near real-time detection updates and rapid CVE-to-exploit mapping. The platform supports over 100,000 vulnerability checks, including native Nuclei template execution, and extends beyond known issues with zero-day detection through behavioral pattern analysis. It validates every finding through live exploit execution, ensuring only real, impactful vulnerabilities are reported—with clear proof of risk and exposed data. ZeroThreat.ai is purpose-built for modern applications, with advanced browser automation for SPAs, authenticated testing, and complex multi-step workflows. It identifies critical issues such as auth bypass, business logic flaws, and workflow abuse that traditional scanners miss.

Use any AI, safely. Sensitive data never leaves your device. Imagine using AI freely—without exposing who you are. Anonymize360 intercepts your sensitive data before it reaches an AI provider. The moment you send a message, it scans for names, addresses, SSNs, and medical records—replacing them with secure tokens and encrypting the originals locally with AES-256. Only the anonymized version travels to the cloud. When the response returns, your real information is seamlessly restored. Zero-knowledge architecture: even we can't access your data. No backdoors. Nothing stored outside your device. Works silently across Windows and macOS. For professionals, healthcare providers, or anyone who values privacy—powerful AI, zero compromise. Instant. Invisible. Secure.

Track your AI usage and secure sensitive data across Claude, ChatGPT, Gemini, and more. AIMetrical offers unified analytics and real-time security on a single dashboard.

TokenFence is an open-source SDK that lets developers set hard per-workflow token and cost limits for AI agents. Drop in 2 lines of code to prevent runaway API spend. Supports OpenAI, Anthropic, and more. Free and open source.

Protect MCP clients and services with a security gateway for safer launch, strict inspection, redaction, and operator visibility.

Discover, assess, and enforce security policy across every AI coding agent, MCP server, and tool in your org.

At its core, Vulseek combines automated asset discovery and scanning with intelligent risk prioritization, allowing security teams to focus on what truly matters. Its customizable dashboards, real-time alerts, and integrations with popular ticketing systems and SIEMs help ensure vulnerabilities are addressed swiftly and systematically.

Continuous security platform for smart contracts and ZK circuits. Static analysis, fuzzing, and formal verification in one integrated workflow.

It is an online platform for checking port status. It checks whether a port is open, closed or filtered based on port number and IP address. The tool handles both IPv4 and IPv6 addresses and verifies ports on both the internal network and the external one. It offers version scanning and country-wise server testing as premium features. Usage is unlimited, which makes the tool useful for troubleshooting network issues.

DeepStrike, a world-renowned leader in penetration testing and attack surface management, enables organizations to expand their security initiatives confidently.

Autonomous AI security agents that run nonstop pentests to protect your websites, APIs and cloud infrastructure.

LangProtect is an AI security firewall that protects LLM and GenAI applications at runtime. It blocks prompt injection, jailbreaks, and sensitive data leakage while enforcing customizable security policies. Built for enterprise and regulated teams, it delivers real-time protection, visibility, and audit-ready governance.

RedVeil offers on-demand penetration testing powered by agentic AI. Uncover vulnerabilities and get actionable at a fraction of traditional costs.

AI security gateway for Apache APISIX. 100% air-gapped, Open Source core. CPU-capable, GPU-optional. Protect LLMs from prompt injection, PII leaks, and data exfiltration. GDPR, EU AI Act, SOC2, HIPAA compliant. Your data never leaves your VPC.

Clawsec is an open-source security plugin that blocks dangerous actions in under 5ms. One command: `openclaw plugins install clawsec`

Privacy-first AI assistant that protects sensitive information while preserving context.

Secuditor Lite is a free diagnostic security tool with a friendly GUI for Windows endpoints and networks. It helps identify system vulnerabilities, improve device Operational Security (OPSEC), detect network elements, and generate structured audit reports, all in one place. Suitable for both personal and organizational environments.

A breakthrough approach to securing applications built with AI assistance. SecVibe complements your existing security stack with specialized controls.

You built the app. We'll find the holes. One audit, one payment — no security knowledge required. Free quick scan, $29 deep audit.

Find security vulnerabilities in your Replit, Bolt, Lovable, Cursor, and v0 projects. 40+ parallel scanner engines, risk scoring A+ to F, SARIF/CSV/PDF reports, and CI/CD integration.

The only security scanner built for vibe coders. Scan your Lovable.dev, Bolt.new - Supabase and Cursor apps for vulnerabilities in one click. Ship fast. Ship secure.

It is an open-source Python package for specifying structure and type, validating and correcting the outputs of large language models (LLMs).

It is a self-hardening prompt injection detector. It is designed to protect AI applications from prompt injection (PI) attacks through a multi-stage defense.

It is an open-source toolkit for monitoring Large Language Models (LLMs). It extracts signals from prompts & responses, ensuring safety & security.

It is a robust static analysis framework for validating that LLM-generated structured output is safe. It currently supports SQL.

It is an open-source Java application for network communication proxying for the purpose of penetration testing. It allows penetration testers to set up proxies and interceptors to manage the traffic transmitted between client and server.