Best AI tools for< Find Vulnerabilities >

GitHub is the world's leading AI-powered developer platform that offers a wide range of tools and features to enhance the developer experience. It provides automation for workflows, security features to find and fix vulnerabilities, instant development environments, AI-powered code assistance with GitHub Copilot, code review and management capabilities, issue tracking, collaboration tools, and more. GitHub empowers developers to accelerate innovation and collaborate efficiently, making it a go-to platform for individuals, teams, and organizations in the software development industry.

VIDOC is an AI-powered security engineer that automates code review and penetration testing. It continuously scans and reviews code to detect and fix security issues, helping developers deliver secure software faster. VIDOC is easy to use, requiring only two lines of code to be added to a GitHub Actions workflow. It then takes care of the rest, providing developers with a tailored code solution to fix any issues found.

Escape is an API Security Platform that focuses on automated API discovery and security. It offers features such as proactively detecting security flaws, CI/CD integration, API discovery and inventory, secure data protection, compliance management, tailored remediations, and more. The platform helps users gain full security observability, find business logic flaws before production, and integrate security into their workflows. Escape aims to simplify compliance management and provide developer-friendly remediations to enhance API security.

Find AI is an AI-powered search engine that provides users with advanced search capabilities to unlock contact details and gain more accurate insights. The platform caters to individuals and companies looking to research people, companies, startups, founders, and more. Users can access email addresses and premium search features to explore a wide range of data related to various industries and sectors. Find AI offers a user-friendly interface and efficient search algorithms to deliver relevant results in a timely manner.

Find your next book is an AI-powered librarian that provides personalized book recommendations based on your preferences. It uses advanced algorithms to analyze your reading history, interests, and other factors to suggest books that you're likely to enjoy. The platform offers a wide range of genres and authors to choose from, making it easy to find your next favorite read.

Find Your AIs is an AI directory website that showcases a wide range of AI tools and applications. It offers a platform for users to explore and discover various AI-powered solutions across different categories such as digital wellness, marketing, text-to-image generation, resume customization, and more. The website aims to connect users with innovative AI technologies to enhance their daily lives and work efficiency.

Find My Remote is an AI-powered job search platform that streamlines the job hunting process by leveraging artificial intelligence to find and structure job postings from various ATS platforms. Users can set their job preferences, receive personalized job matches, and save time by applying to curated job listings. The platform offers exclusive job opportunities not typically found on popular job search websites like LinkedIn. With features such as job discovery, application tracking, and faster application process, Find My Remote aims to revolutionize the way job seekers find and apply for jobs.

Find New AI is a comprehensive platform offering a variety of AI tools and efficiency solutions for different purposes such as SEO, content creation, marketing, link building, image manipulation, and more. The website provides reviews, tutorials, and guides on utilizing AI software effectively to enhance productivity and creativity in various domains.

Find My Size is a web application that provides personalized size recommendations for exclusive deals at hundreds of top retailers. Users can input their measurements and preferences to receive tailored suggestions for clothing items that will fit them perfectly. The platform aims to enhance the online shopping experience by helping customers find the right size and style without the need for multiple returns. Find My Size collaborates with various retailers to offer a wide range of products across different categories, including active & sportswear, young contemporary, business & workwear, lingerie & sleepwear, outerwear, maternity wear, plus size apparel, and swimwear.

Prolific is a platform that allows users to quickly find research participants they can trust. It offers a diverse participant pool, including domain experts and API integration. Prolific ensures high-quality human-powered datasets in less than 2 hours, trusted by over 3000 organizations. The platform is designed for ease of use, with self-serve options and scalability. It provides rich, accurate, and comprehensive responses from engaged participants, verified through manual and algorithmic quality checks.

PimEyes is an online face search engine that uses face recognition technology to find pictures containing given faces. It is a great tool to audit copyright infringement, protect your privacy, and find people.

Lexology is a next-generation search tool designed to help users find the right lawyer for their needs. It offers a wide range of resources, including practical analysis, in-depth research tools, primary sources, and expert reports. The platform aims to be a go-to resource for legal professionals and individuals seeking legal expertise.

Futurepedia is a leading AI resource platform dedicated to empowering professionals across various industries to leverage AI technologies for innovation and growth. Our platform offers comprehensive directories, easy-to-follow guides, a weekly newsletter, and an informative YouTube channel, simplifying AI integration into professional practices. Committed to making AI understandable and practical, we provide resources tailored to diverse professional needs, fostering a community where more than 200,000 professionals share knowledge and experiences.

GrabJobs is an AI-powered job search platform that helps job seekers find the best jobs and grow their careers. With millions of job opportunities from industry-leading companies, GrabJobs makes it easy to find the perfect job for your skills and experience. Our AI-driven job recommendations and chat-based job applications make the job search process faster and more efficient. Plus, our time-saving automated applications ensure that you can apply to more jobs in less time.

Connected Papers is a search engine for academic papers that uses artificial intelligence to help users find and explore relevant research. It allows users to search for papers by keyword, author, or title, and then explore the connections between them. Connected Papers also provides a variety of tools to help users organize and manage their research, including the ability to create custom collections of papers, add notes and annotations, and share their research with others.

Future Tools is a website that collects and organizes AI tools. It provides a comprehensive list of AI tools categorized into various domains, including AI detection, aggregators, avatar chat, copywriting, finance, gaming, generative art, generative code, generative video, image improvement, image scanning, inspiration, marketing, motion capture, music, podcasting, productivity, prompt guides, research, self-improvement, social media, speech-to-text, text-to-speech, text-to-video, translation, video editing, and voice modulation. The website also offers a search bar to help users find specific tools based on their needs.

Prolific is a platform that helps users quickly find research participants they can trust. It offers free representative samples, a participant pool of domain experts, the ability to bring your own participants, and an API for integration. Prolific ensures data quality by verifying participants with bank-grade ID checks, ongoing checks to identify bots, and no AI participants. The platform allows users to easily set up accounts, access rich and comprehensive responses, and scale research projects efficiently.

Inven is an AI-powered company data platform that helps professionals in private equity, investment banking, business brokerage, consulting, and corporate development find companies faster and more efficiently. With Inven, users can access a database of over 23 million companies and 430 million contacts in over 160 countries. Inven's AI algorithms and NLP solutions analyze millions of data points from a wide range of sources to give users actionable insights on any niche.

Everypixel is a stock image search engine powered by AI that provides access to more than 50 best sources of free and premium images. Users can search for images by keywords or by uploading an image URL. The platform offers a wide range of images, including exclusive patterns, vectors, and microstock photos. Everypixel aims to simplify the process of finding high-quality images for personal and commercial use, with both free and paid options available.

WinningHunter is a powerful product research tool that helps you find winning products to sell online. It has a variety of features that make it easy to find products that are trending, have high sales volume, and are likely to be profitable. WinningHunter also provides data on ad spend, revenue, and other metrics to help you make informed decisions about which products to sell.

GhidrOllama is a script that interacts with Ollama's API to perform various reverse engineering tasks within Ghidra. It supports both local and remote instances of Ollama, providing functionalities like explaining functions, suggesting names, rewriting functions, finding bugs, and automating analysis of specific functions in binaries. Users can ask questions about functions, find vulnerabilities, and receive explanations of assembly instructions. The script bridges the gap between Ghidra and Ollama models, enhancing reverse engineering capabilities.

Awesome GPT + Security is a curated list of awesome security tools, experimental case or other interesting things with LLM or GPT. It includes tools for integrated security, auditing, reconnaissance, offensive security, detecting security issues, preventing security breaches, social engineering, reverse engineering, investigating security incidents, fixing security vulnerabilities, assessing security posture, and more. The list also includes experimental cases, academic research, blogs, and fun projects related to GPT security. Additionally, it provides resources on GPT security standards, bypassing security policies, bug bounty programs, cracking GPT APIs, and plugin security.

**Description:** PromptFuzz is an automated tool that generates high-quality fuzz drivers for libraries via a fuzz loop constructed on mutating LLMs' prompts. The fuzz loop of PromptFuzz aims to guide the mutation of LLMs' prompts to generate programs that cover more reachable code and explore complex API interrelationships, which are effective for fuzzing. **Features:** * **Multiply LLM support** : Supports the general LLMs: Codex, Inocder, ChatGPT, and GPT4 (Currently tested on ChatGPT). * **Context-based Prompt** : Construct LLM prompts with the automatically extracted library context. * **Powerful Sanitization** : The program's syntax, semantics, behavior, and coverage are thoroughly analyzed to sanitize the problematic programs. * **Prioritized Mutation** : Prioritizes mutating the library API combinations within LLM's prompts to explore complex interrelationships, guided by code coverage. * **Fuzz Driver Exploitation** : Infers API constraints using statistics and extends fixed API arguments to receive random bytes from fuzzers. * **Fuzz engine integration** : Integrates with grey-box fuzz engine: LibFuzzer. **Benefits:** * **High branch coverage:** The fuzz drivers generated by PromptFuzz achieved a branch coverage of 40.12% on the tested libraries, which is 1.61x greater than _OSS-Fuzz_ and 1.67x greater than _Hopper_. * **Bug detection:** PromptFuzz detected 33 valid security bugs from 49 unique crashes. * **Wide range of bugs:** The fuzz drivers generated by PromptFuzz can detect a wide range of bugs, most of which are security bugs. * **Unique bugs:** PromptFuzz detects uniquely interesting bugs that other fuzzers may miss. **Usage:** 1. Build the library using the provided build scripts. 2. Export the LLM API KEY if using ChatGPT or GPT4. 3. Generate fuzz drivers using the `fuzzer` command. 4. Run the fuzz drivers using the `harness` command. 5. Deduplicate and analyze the reported crashes. **Future Works:** * **Custom LLMs suport:** Support custom LLMs. * **Close-source libraries:** Apply PromptFuzz to close-source libraries by fine tuning LLMs on private code corpus. * **Performance** : Reduce the huge time cost required in erroneous program elimination.

code2prompt is a command-line tool that converts your codebase into a single LLM prompt with a source tree, prompt templating, and token counting. It automates generating LLM prompts from codebases of any size, customizing prompt generation with Handlebars templates, respecting .gitignore, filtering and excluding files using glob patterns, displaying token count, including Git diff output, copying prompt to clipboard, saving prompt to an output file, excluding files and folders, adding line numbers to source code blocks, and more. It helps streamline the process of creating LLM prompts for code analysis, generation, and other tasks.

hackingBuddyGPT is a framework for testing LLM-based agents for security testing. It aims to create common ground truth by creating common security testbeds and benchmarks, evaluating multiple LLMs and techniques against those, and publishing prototypes and findings as open-source/open-access reports. The initial focus is on evaluating the efficiency of LLMs for Linux privilege escalation attacks, but the framework is being expanded to evaluate the use of LLMs for web penetration-testing and web API testing. hackingBuddyGPT is released as open-source to level the playing field for blue teams against APTs that have access to more sophisticated resources.

Invariant Analyzer is an open-source scanner designed for LLM-based AI agents to find bugs, vulnerabilities, and security threats. It scans agent execution traces to identify issues like looping behavior, data leaks, prompt injections, and unsafe code execution. The tool offers a library of built-in checkers, an expressive policy language, data flow analysis, real-time monitoring, and extensible architecture for custom checkers. It helps developers debug AI agents, scan for security violations, and prevent security issues and data breaches during runtime. The analyzer leverages deep contextual understanding and a purpose-built rule matching engine for security policy enforcement.

Academic_LLM_Sec_Papers is a curated collection of academic papers related to LLM Security Application. The repository includes papers sorted by conference name and published year, covering topics such as large language models for blockchain security, software engineering, machine learning, and more. Developers and researchers are welcome to contribute additional published papers to the list. The repository also provides information on listed conferences and journals related to security, networking, software engineering, and cryptography. The papers cover a wide range of topics including privacy risks, ethical concerns, vulnerabilities, threat modeling, code analysis, fuzzing, and more.

This repository contains code and results for jailbreaking leading safety-aligned LLMs with simple adaptive attacks. We show that even the most recent safety-aligned LLMs are not robust to simple adaptive jailbreaking attacks. We demonstrate how to successfully leverage access to logprobs for jailbreaking: we initially design an adversarial prompt template (sometimes adapted to the target LLM), and then we apply random search on a suffix to maximize the target logprob (e.g., of the token ``Sure''), potentially with multiple restarts. In this way, we achieve nearly 100% attack success rate---according to GPT-4 as a judge---on GPT-3.5/4, Llama-2-Chat-7B/13B/70B, Gemma-7B, and R2D2 from HarmBench that was adversarially trained against the GCG attack. We also show how to jailbreak all Claude models---that do not expose logprobs---via either a transfer or prefilling attack with 100% success rate. In addition, we show how to use random search on a restricted set of tokens for finding trojan strings in poisoned models---a task that shares many similarities with jailbreaking---which is the algorithm that brought us the first place in the SaTML'24 Trojan Detection Competition. The common theme behind these attacks is that adaptivity is crucial: different models are vulnerable to different prompting templates (e.g., R2D2 is very sensitive to in-context learning prompts), some models have unique vulnerabilities based on their APIs (e.g., prefilling for Claude), and in some settings it is crucial to restrict the token search space based on prior knowledge (e.g., for trojan detection).

OpenShield is a firewall designed for AI models to protect against various attacks such as prompt injection, insecure output handling, training data poisoning, model denial of service, supply chain vulnerabilities, sensitive information disclosure, insecure plugin design, excessive agency granting, overreliance, and model theft. It provides rate limiting, content filtering, and keyword filtering for AI models. The tool acts as a transparent proxy between AI models and clients, allowing users to set custom rate limits for OpenAI endpoints and perform tokenizer calculations for OpenAI models. OpenShield also supports Python and LLM based rules, with upcoming features including rate limiting per user and model, prompts manager, content filtering, keyword filtering based on LLM/Vector models, OpenMeter integration, and VectorDB integration. The tool requires an OpenAI API key, Postgres, and Redis for operation.

Analyze the following text from a github repository (name and readme text at end) . Then, generate a JSON object with the following keys and provide the corresponding information for each key, in lowercase letters: 'description' (detailed description of the repo, must be less than 400 words，Ensure that no line breaks and quotation marks.),'for_jobs' (List 5 jobs suitable for this tool,in lowercase letters), 'ai_keywords' (keywords of the tool,user may use those keyword to find the tool,in lowercase letters), 'for_tasks' (list of 5 specific tasks user can use this tool to do,in lowercase letters), 'answer' (in english languages)

AI Goat is a tool designed to help users learn about AI security through a series of vulnerable LLM CTF challenges. It allows users to run everything locally on their system without the need for sign-ups or cloud fees. The tool focuses on exploring security risks associated with large language models (LLMs) like ChatGPT, providing practical experience for security researchers to understand vulnerabilities and exploitation techniques. AI Goat uses the Vicuna LLM, derived from Meta's LLaMA and ChatGPT's response data, to create challenges that involve prompt injections, insecure output handling, and other LLM security threats. The tool also includes a prebuilt Docker image, ai-base, containing all necessary libraries to run the LLM and challenges, along with an optional CTFd container for challenge management and flag submission.

Awesome-Jailbreak-on-LLMs is a collection of state-of-the-art, novel, and exciting jailbreak methods on Large Language Models (LLMs). The repository contains papers, codes, datasets, evaluations, and analyses related to jailbreak attacks on LLMs. It serves as a comprehensive resource for researchers and practitioners interested in exploring various jailbreak techniques and defenses in the context of LLMs. Contributions such as additional jailbreak-related content, pull requests, and issue reports are welcome, and contributors are acknowledged. For any inquiries or issues, contact [email protected]. If you find this repository useful for your research or work, consider starring it to show appreciation.

Awesome LLM for APR is a repository dedicated to exploring the capabilities of Large Language Models (LLMs) in Automated Program Repair (APR). It provides a comprehensive collection of research papers, tools, and resources related to using LLMs for various scenarios such as repairing semantic bugs, security vulnerabilities, syntax errors, programming problems, static warnings, self-debugging, type errors, web UI tests, smart contracts, hardware bugs, performance bugs, API misuses, crash bugs, test case repairs, formal proofs, GitHub issues, code reviews, motion planners, human studies, and patch correctness assessments. The repository serves as a valuable reference for researchers and practitioners interested in leveraging LLMs for automated program repair.

LLM-PLSE-paper is a repository focused on the applications of Large Language Models (LLMs) in Programming Language and Software Engineering (PL/SE) domains. It covers a wide range of topics including bug detection, specification inference and verification, code generation, fuzzing and testing, code model and reasoning, code understanding, IDE technologies, prompting for reasoning tasks, and agent/tool usage and planning. The repository provides a comprehensive collection of research papers, benchmarks, empirical studies, and frameworks related to the capabilities of LLMs in various PL/SE tasks.

AIShield Watchtower is a tool designed to fortify the security of AI/ML models and Jupyter notebooks by automating model and notebook discoveries, conducting vulnerability scans, and categorizing risks into 'low,' 'medium,' 'high,' and 'critical' levels. It supports scanning of public GitHub repositories, Hugging Face repositories, AWS S3 buckets, and local systems. The tool generates comprehensive reports, offers a user-friendly interface, and aligns with industry standards like OWASP, MITRE, and CWE. It aims to address the security blind spots surrounding Jupyter notebooks and AI models, providing organizations with a tailored approach to enhancing their security efforts.

Garak is a free tool that checks if a Large Language Model (LLM) can be made to fail in a way that is undesirable. It probes for hallucination, data leakage, prompt injection, misinformation, toxicity generation, jailbreaks, and many other weaknesses. Garak's a free tool. We love developing it and are always interested in adding functionality to support applications.

Awesome_GPT_Super_Prompting is a repository that provides resources related to Jailbreaks, Leaks, Injections, Libraries, Attack, Defense, and Prompt Engineering. It includes information on ChatGPT Jailbreaks, GPT Assistants Prompt Leaks, GPTs Prompt Injection, LLM Prompt Security, Super Prompts, Prompt Hack, Prompt Security, Ai Prompt Engineering, and Adversarial Machine Learning. The repository contains curated lists of repositories, tools, and resources related to GPTs, prompt engineering, prompt libraries, and secure prompting. It also offers insights into Cyber-Albsecop GPT Agents and Super Prompts for custom GPT usage.

Open AI is a powerful tool for artificial intelligence research and development. It provides a wide range of machine learning models and algorithms, making it easier for developers to create innovative AI applications. With Open AI, users can explore cutting-edge technologies such as natural language processing, computer vision, and reinforcement learning. The platform offers a user-friendly interface and comprehensive documentation to support users in building and deploying AI solutions. Whether you are a beginner or an experienced AI practitioner, Open AI offers the tools and resources you need to accelerate your AI projects and stay ahead in the rapidly evolving field of artificial intelligence.

Promptfoo is a tool for testing and evaluating LLM output quality. With promptfoo, you can build reliable prompts, models, and RAGs with benchmarks specific to your use-case, speed up evaluations with caching, concurrency, and live reloading, score outputs automatically by defining metrics, use as a CLI, library, or in CI/CD, and use OpenAI, Anthropic, Azure, Google, HuggingFace, open-source models like Llama, or integrate custom API providers for any LLM API.

HackingPT is a specialized language model focused on cybersecurity and penetration testing, committed to providing precise and in-depth insights in these fields.

Asistente de código y pentesting

Expert in ethical hacking, leveraging https://pentestbook.six2dez.com/ and https://book.hacktricks.xyz resources for CTFs and challenges.

A cybersecurity expert aiding in penetration testing. Check repo: https://github.com/GreyDGL/PentestGPT

Ask me to recommend a plugin or script from the official Hex-Rays plugin repository

Creates Application Security Test cases in YAML

Expert in hacking and programming queries on LLM V 1.1

A cryptic, enigmatic GPT guarding a secret key

Introducing IAC Code Guardian: Your Trusted IaC Security Expert in Scanning Opentofu, Terrform, AWS Cloudformation, Pulumi, K8s Yaml & Dockerfile

Answers all reverse engineering queries.

Engagingly clarifies web security topics with interactive questions.

Expert in CVEs and cybersecurity vulnerabilities, providing precise information from the National Vulnerability Database.

This GPT takes in content related to an application, such as HTTP traffic, JavaScript files, source code, etc., and outputs lists of URLs that can be used for further testing.

Expert in BloodHound CE, Cypher, SharpHound, and related tech

Expert in API Security Testing

Auditor for Solidity contracts, focusing on security, bug-finding and gas efficiency.

I match students with PhD advisors.

I find the best GPT-powered service for you

Assists in finding suitable lawyers based on user needs. Disclaimer - always do your own extra research

Find the perfect match for your design needs