AIxVuln
An LLM-based multi-Agent, end-to-end vulnerability-hunting project. It supports environment setup, vulnerability analysis, vulnerability verification and report production for projects written in PHP, Java, Python, Go, Node.js and other languages, and lets multiple Agents communicate concurrently and efficiently to complete a vulnerability-hunting task.
Stars: 78
AIxVuln is an automated vulnerability discovery and verification system based on large models (LLM) + function calling + Docker sandbox. The system manages 'projects' through a web UI/desktop client, automatically organizing multiple 'digital humans' for environment setup, code auditing, vulnerability verification, and report generation. It utilizes an isolated Docker environment for dependency installation, service startup, PoC verification, and evidence collection, ultimately producing downloadable vulnerability reports. The system has already discovered dozens of vulnerabilities in real open-source projects.
README:
AIxVuln is an automated vulnerability discovery and verification system built on large language models (LLM) + tool calling (Function Calling) + a Docker sandbox.
The system manages "projects" through a Web UI / desktop client. For each project it automatically organises several digital humans that collaborate on environment setup, code auditing, vulnerability verification and report generation, performing dependency installation, service startup, PoC verification and evidence collection inside an isolated Docker environment, and finally produces a downloadable vulnerability report.
Dozens of vulnerabilities have already been found in real open-source projects with it.
- First-run wizard — on first run the system enters an initialisation wizard that guides you through creating an administrator account and building the required Docker images with one click; ready to use out of the box
- Single-binary deployment — the Dockerfiles, front-end UI and other assets are embedded in the executable, so no extra files are needed to run it
- Project-based management — projects can be created from a Git repository, an uploaded archive or an archive URL; one-click start/cancel; real-time view of the vulnerability list, containers, event log and reports
- Digital-human collaboration — each digital human has its own persona (name, gender, age, personality, avatar, custom prompt), is bound to a specific Agent capability type, runs as a persistent instance and reuses its memory across tasks
- DecisionBrain — the global scheduling hub; it maintains a status panel and memory, automatically orchestrates the digital humans, aggregates fragmented exploit points (exploitIdea) and assembles them into attack chains (exploitChain)
- Team Chat — users can talk in real time to any digital human or to the DecisionBrain via @<digital-human name> or @全体 (everyone); digital humans can also broadcast to each other through the TeamMessage mechanism
- Docker sandbox and multi-language environments — built-in aisandbox attack sandbox supporting PHP / Java / Node.js / Python / Go runtimes and middleware such as MySQL / Redis
- Dual API modes — supports both the OpenAI Chat Completions API and the Responses API, configurable independently per Agent type
- SQLite configuration — configuration lives in data/AIxVuln.db; defaults are generated on first start, edited visually in the Web UI, with independent overrides per Agent type
- Custom report templates — templates are stored in data/.reportTemplate/ and can be edited directly in the Web UI
- Desktop client — a cross-platform desktop application built with Wails (wailsapp/) with the front-end UI embedded
Download the executable for your platform from GitHub Releases:

| Build | Description |
|---|---|
| AIxVulnGUI-* | Desktop client (Wails GUI); a .app bundle on macOS |
| AIxVulnWeb-* | Web-only build, suitable for server deployment |
```bash
# Web build example
chmod +x AIxVulnWeb-linux-amd64
./AIxVulnWeb-linux-amd64 --mode web --port 9999
```

First-run flow:
- Open http://IP:9999 in a browser (the desktop build opens it automatically)
- Enter the initialisation wizard → create the administrator account
- The wizard detects the Docker images → build aisandbox and java_env with one click (the Dockerfiles are embedded in the binary; no extra files are needed)
- Finish initialisation → log in
- Under "Settings" fill in the three required fields BASE_URL, OPENAI_API_KEY and MODEL
- Create a project and start vulnerability hunting
The system works with any model service compatible with the OpenAI API format, including but not limited to GPT, GLM (Zhipu), Qwen (Tongyi Qianwen) and DeepSeek. For other kinds of models (such as Claude or Gemini, whose APIs are not OpenAI-compatible), use a tool such as CLI Proxy to convert them to the OpenAI format before connecting.
Models can be configured independently per Agent type; a layered configuration strategy is recommended:
- main_setting (global default) — use a coding-plan model (e.g. GLM, DeepSeek-Coder, Qwen-Coder); cost-effective and suited to high-frequency tasks such as code auditing, environment setup and report generation
- decision (DecisionBrain) — use a model that is better at decision-making and guidance (e.g. GPT-5, Codex); the DecisionBrain handles global scheduling and attack-chain assembly and needs stronger reasoning
Agent types without their own configuration automatically fall back to main_setting, so only the decision section needs extra configuration to achieve the layering.
```bash
# Prerequisites: Go 1.24+, Docker installed and running
go run .
```

Listens on 0.0.0.0:9999 by default; the first start likewise enters the initialisation wizard.

```bash
bash build_release.sh
```

Auto-detects the current system architecture and produces the GUI and Web-only builds in the release/ directory.

```bash
cd wailsapp/AIxVulnGUI
wails dev    # development mode
wails build  # build a release
```

```text
┌──────────────────────────────────────────────────────────────────────────┐
│ Web UI / Wails Desktop                                                   │
│ (React + TailwindCSS + shadcn/ui)                                        │
├──────────────────────────────────────────────────────────────────────────┤
│ Web/            HTTP API + WebSocket push                                │
├──────────────────────────────────────────────────────────────────────────┤
│ ProjectManager/ project orchestration, concurrency, lifecycle            │
├───────────────┬──────────────────────────────────────────────────────────┤
│ DecisionBrain │ global scheduling · status panel · memory                │
│               │ exploitIdea/Chain aggregation · Team Chat                │
├───────────────┴──────────────────────────────────────────────────────────┤
│ agents/         persistent Agent instances (6 capability types)          │
│ Digital humans  persona instances bound to an Agent capability           │
│ toolCalling/    tool-calling framework and tool implementations          │
├──────────────────────────────────────────────────────────────────────────┤
│ llm/            LLM client · context mgmt · memory compression/reset     │
│ dockerManager/  Docker operations · ServiceManager                       │
│ taskManager/    Task · Sandbox · VulnManager                             │
│ misc/           SQLite config · utilities · task templates               │
└──────────────────────────────────────────────────────────────────────────┘
```
In AIxVuln, Agent and Digital Human are concepts at two different levels:
- Agent — the underlying capability type; it defines the execution logic, available tools and system prompt for one class of task. There are 6 types.
- Digital human — an independent persona instance bound to one Agent capability type. Each digital human has a name, gender, age, personality, avatar and custom prompt, runs as a persistent instance and reuses its memory across tasks.
In short: the Agent is the capability, the digital human is the role. One Agent capability type can have several digital humans with different personas.
| Agent type | Responsibility |
|---|---|
| OpsCommonAgent | Multi-language environment setup and operations (identify the tech stack, install dependencies, start services, obtain login credentials) |
| OpsEnvScoutAgent | Remote environment reconnaissance (collect EnvInfo and source-code information from the running environment) |
| AnalyzeCommonAgent | Code auditing and candidate vulnerability discovery (multiple concurrent lanes) |
| VerifierCommonAgent | Verify candidate vulnerabilities in the real environment and produce PoC/evidence (memory reset automatically between tasks) |
| ReportCommonAgent | Generate downloadable reports from verification results (memory reset automatically between tasks) |
| ProjectOverviewAgent | Project overview and information summary |
On first start the system creates a default set of digital humans (the names were generated by AI and do not refer to real people); they can be added, deleted or edited under "Digital Human Management" in the Web UI:
| Digital human | Agent capability | Persona |
|---|---|---|
| 温舒然 | Ops | gentle and meticulous, methodical |
| 陈景明 | OpsEnvScout | brisk and efficient, concise |
| 林辰宇 | Analyze | scrupulous, rigorous logic |
| 张泽远 | Analyze | lively and unconventional, wildly imaginative |
| 苏晚晴 | Analyze | calm and composed, big-picture view |
| 江亦琛 | Verifier | decisive and fast, results-oriented |
| 陆星驰 | Verifier | steady and grounded, highly resilient |
| 许知予 | Verifier | quick-witted, well organised |
| 周书瑶 | Report | polished writing, rigorous structure |
- ContextManager — conversation-context management for a single digital human, with exact BPE token counting, automatic compression and key-message injection
- SharedContext — shared context container for several digital humans, used to aggregate information during concurrent auditing/verification
- ResetMemoryWithSummary — before a new task starts, Verifier / Report digital humans compress their history into a summary and then reset, keeping the key information while freeing context space
- KeyMessage / EnvMessage — environment information, candidate vulnerabilities, verification evidence and the like are shared between digital humans as key messages
Users can interact with the digital humans in real time through the chat panel:
- @<digital-human name> (e.g. @林辰宇) — send a message to that digital human
- @全体 / @all — broadcast to all digital humans plus the DecisionBrain
- No @ prefix — send directly to the DecisionBrain
- Digital humans can broadcast to one another automatically through the TeamMessage: mechanism
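The routing rules above, written out as an added example (this is not AIxVuln's own code; `Route`, `others` and the recipient name `Brain` are hypothetical). It matches @-mentions against the configured digital-human names by prefix, because Chinese messages are often written with no space after the name.

```go
// Added example (not AIxVuln's own code): routing Team Chat messages by the
// conventions the README states: "@<name>" to one digital human, "@全体" or
// "@all" to every digital human plus the DecisionBrain, no prefix to the
// DecisionBrain alone, and "TeamMessage:" from a digital human as a broadcast
// to its peers. Type and function names are hypothetical.
package main

import (
	"fmt"
	"sort"
	"strings"
)

const Brain = "DecisionBrain" // recipient name used here for the decision hub

// Route returns the recipients of text sent by sender. known is the list of
// digital-human names configured in the project; the human user is "user".
func Route(sender, text string, known []string) ([]string, error) {
	text = strings.TrimSpace(text)
	// Peer broadcast: a digital human's TeamMessage reaches every other human.
	if sender != "user" && strings.HasPrefix(text, "TeamMessage:") {
		return others(known, sender), nil
	}
	if !strings.HasPrefix(text, "@") {
		return []string{Brain}, nil
	}
	rest := text[1:]
	// Chinese text is often written without a space after the name, so match
	// known names as prefixes (longest first) instead of splitting on spaces.
	names := append([]string(nil), known...)
	sort.Slice(names, func(i, j int) bool { return len(names[i]) > len(names[j]) })
	for _, n := range names {
		if strings.HasPrefix(rest, n) {
			return []string{n}, nil
		}
	}
	// Broadcast tags are checked after real names so that a digital human
	// whose name happens to start with "all" is still addressed directly.
	if strings.HasPrefix(rest, "全体") || strings.HasPrefix(rest, "all") {
		return append(others(known, ""), Brain), nil
	}
	return nil, fmt.Errorf("unknown mention in %q", text)
}

// others returns every known name except skip, preserving order.
func others(known []string, skip string) []string {
	out := make([]string, 0, len(known))
	for _, n := range known {
		if n != skip {
			out = append(out, n)
		}
	}
	return out
}

func main() {
	team := []string{"温舒然", "林辰宇", "江亦琛"} // default digital humans from the README
	for _, m := range []struct{ from, text string }{ // constructed sample messages
		{"user", "@林辰宇请复核这个 SQL 注入线索"},
		{"user", "@all 环境已就绪"},
		{"user", "当前优先级如何安排?"},
		{"林辰宇", "TeamMessage: 发现候选 exploitIdea #3"},
	} {
		to, err := Route(m.from, m.text, team)
		fmt.Printf("%-8s -> %v %v\n", m.from, to, err)
	}
}
```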
The DecisionBrain is the scheduling and memory hub oriented toward the project's global goal:
- Status panel — maintains global state such as environment info, container info, the exploitIdea list and the exploitChain list
- Digital-human scheduling — decides which digital humans to dispatch based on the current state and task goal, taking idle instances from the persistent digital-human pool
- Tool Calling — combine exploitIdeas into an exploitChain, search/read exploitIdeas, send messages, and so on
- Memory compression — automatically summarises when the history exceeds its limit; in compressed mode the exploitIdea list shows only condensed fields, and details are read by ID through a tool when needed
- SQLite persistence — exploitIdeas / exploitChains confirmed as exploitable are persisted to the project-level database
AIxVuln breaks vulnerability hunting into composable, fragmented exploit points and then advances them step by step into attack chains:
- Concurrency-friendly — while Ops digital humans set up the environment, Analyze digital humans produce several candidate exploitIdeas in parallel and Verifier digital humans verify them one by one
- Mirrors the real workflow — first find a suspicious point, then fill in the preconditions, impact, payload approach and runtime evidence
- Continuous reuse — exploitIdeas are managed by ID, persisted to SQLite, and can be retrieved and reused across rounds
- Context-robust — compressed mode shows only summaries; full details are read on demand through a tool
Configuration is stored in the SQLite database data/AIxVuln.db, which is created on first start with default values inserted. It can be edited visually in the Web UI settings panel.

| Section | Description |
|---|---|
| misc | Global general settings (message length limit, retry count, data directory, etc.) |
| main_setting | Global default LLM configuration (the fallback when an Agent type has no configuration of its own) |
| decision | DecisionBrain-specific configuration (overrides main_setting) |
| ops / analyze / verifier / report / overview | Per-Agent-type configuration (overrides main_setting) |
| Key | Section | Description | Default |
|---|---|---|---|
| BASE_URL | main_setting | LLM API base URL | required |
| OPENAI_API_KEY | main_setting | API key (several keys separated by `\|-\|` are used in rotation) | required |
| MODEL | main_setting | Model name | required |
| API_MODE | main_setting | chat (Chat Completions) or responses (Responses API) | chat |
| STREAM | main_setting | Enable streaming responses | false |
| MaxContext | main_setting | Maximum context size (KB) | 100 |
| MaxRequest | main_setting | Maximum concurrent requests per API key | 5 |
| USER_AGENT | main_setting | User-Agent header for HTTP requests | AIxVuln |
| MessageMaximum | misc | Maximum length of a single message (characters) | 10240 |
| MaxTryCount | misc | Maximum retries for an API request | 5 |
| DATA_DIR | misc | Data storage directory | ./data |
Each Agent-type configuration section (e.g. decision, ops) can independently override BASE_URL, OPENAI_API_KEY, MODEL, MaxContext, MaxRequest, USER_AGENT, STREAM and API_MODE; any key left unset falls back to main_setting.
Once BASE_URL and OPENAI_API_KEY have been entered in the settings panel, the system automatically calls the /models endpoint to fetch the available models and offers them in a drop-down list; custom input is also supported.
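The per-Agent-type override and the multi-key OPENAI_API_KEY convention described above, as an added example (not AIxVuln's own code). Section and key names follow the tables; the `Config`, `Resolve` and `KeyRing` names and the sample values are hypothetical.

```go
// Added example (not AIxVuln's own code): resolving the effective LLM
// configuration for one Agent type the way the README describes, with
// per-section override, fallback to main_setting, and the "|-|" multi-key
// convention for OPENAI_API_KEY. Types and functions are hypothetical.
package main

import (
	"errors"
	"fmt"
	"strings"
	"sync/atomic"
)

// Config maps a section name (main_setting, decision, ops, ...) to its keys.
type Config map[string]map[string]string

// Keys an Agent-type section may override, per the README.
var overridable = []string{"BASE_URL", "OPENAI_API_KEY", "MODEL", "MaxContext",
	"MaxRequest", "USER_AGENT", "STREAM", "API_MODE"}

// Keys that must be present once fallback has been applied.
var required = []string{"BASE_URL", "OPENAI_API_KEY", "MODEL"}

// Resolve returns the effective key/value set for an Agent type: a key set in
// the type's own section wins, otherwise the main_setting value applies.
func Resolve(cfg Config, agentType string) (map[string]string, error) {
	out := make(map[string]string, len(overridable))
	for _, k := range overridable {
		if v := cfg[agentType][k]; v != "" {
			out[k] = v
		} else if v := cfg["main_setting"][k]; v != "" {
			out[k] = v
		}
	}
	for _, k := range required {
		if out[k] == "" {
			return nil, fmt.Errorf("agent type %q: required key %s is missing (also absent from main_setting)", agentType, k)
		}
	}
	return out, nil
}

// KeyRing hands out API keys in rotation. The raw value is split on the
// "|-|" separator documented for OPENAI_API_KEY; blank entries are dropped.
type KeyRing struct {
	keys []string
	next uint64
}

func NewKeyRing(raw string) (*KeyRing, error) {
	var keys []string
	for _, k := range strings.Split(raw, "|-|") {
		if k = strings.TrimSpace(k); k != "" {
			keys = append(keys, k)
		}
	}
	if len(keys) == 0 {
		return nil, errors.New("OPENAI_API_KEY contains no usable key")
	}
	return &KeyRing{keys: keys}, nil
}

// Next returns the next key in rotation; safe for concurrent callers.
func (r *KeyRing) Next() string {
	n := atomic.AddUint64(&r.next, 1) - 1
	return r.keys[n%uint64(len(r.keys))]
}

func main() {
	// Constructed sample configuration with placeholder values.
	cfg := Config{
		"main_setting": {"BASE_URL": "https://api.example.invalid/v1",
			"OPENAI_API_KEY": "sk-placeholder-1|-|sk-placeholder-2",
			"MODEL": "coder-model", "API_MODE": "chat", "MaxRequest": "5"},
		"decision": {"MODEL": "reasoning-model"}, // only the model is overridden
	}
	for _, t := range []string{"decision", "ops"} {
		eff, err := Resolve(cfg, t)
		if err != nil {
			fmt.Println(err)
			continue
		}
		ring, _ := NewKeyRing(eff["OPENAI_API_KEY"])
		fmt.Printf("%-8s model=%s api_mode=%s key=%s\n", t, eff["MODEL"], eff["API_MODE"], ring.Next())
	}
}
```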
| Image | Description |
|---|---|
| aisandbox | General attack/verification sandbox providing common security-testing tools |
| java_env | Multi-version Java JDK (8/11/17/21/24, installed via SDKMAN) plus Maven / Gradle build tools |

The Dockerfiles are embedded in the binary, and the first-start wizard guides the build automatically. They can also be built manually:

```bash
# one-click build script in the project root
bash dockerfile/build.sh
```
- Add a tool — implement the tool capability in toolCalling/ and register it in the tool list of the corresponding Agent type
- Add an Agent type — implement the Agent interface in agents/ and register it in the DecisionBrain
- Add a digital human — add it under "Digital Human Management" in the Web UI, choose the Agent capability type and set the persona attributes
- Custom report template — edit the Markdown template under "Report Templates" in the Web UI
- Add a runtime environment — add a corresponding StartXXXEnv wrapper in dockerManager/ServiceManager
- This project starts and controls Docker containers; use it in an isolated environment
- Sensitive information (API keys, user passwords, etc.) is stored in the local SQLite database (data/AIxVuln.db); the data/ directory is excluded via .gitignore
- User authentication is based on JWT tokens; the administrator account is created by the initialisation wizard on first start
Projects can be created from a Git repository, an uploaded archive or an archive URL, and a vulnerability-hunting task started with one click.
The detail page of a running project shows the digital humans' work status and the container list on the left and environment information (login credentials, database details, example routes, etc.) on the right, all updated in real time.
Manage the Agent digital-human roles: each digital human has an independent persona (name, gender, age, personality, avatar) and a custom prompt and is bound to a specific Agent capability type. Add, delete and edit are supported; changes take effect after the project is restarted.
An ExploitIdea passes through several rounds of state transitions such as "review failed → being revised"; the DecisionBrain strictly reviews every candidate vulnerability to prevent false positives caused by AI hallucination. An assembled ExploitChain likewise has to pass the verification process.
Digital humans collaborate with each other and with the DecisionBrain in real time through Team Chat. The following shows a multi-round exchange from a real project:
Environment setup phase — an Ops digital human reports a build problem, the DecisionBrain gives repair instructions, and the digital human carries out the fix on its own:
Real-time user intervention — the user issues an instruction directly via @<digital-human name> (green bubble) while the DecisionBrain coordinates other digital humans to handle environment problems at the same time:
DecisionBrain guidance — the DecisionBrain gives detailed troubleshooting steps and a rebuild plan for a MySQL connection problem, which the digital human then carries out on its own:
Parallel lanes — an Analyze digital human broadcasts the vulnerability leads it found (@all), an Ops digital human handles a Maven dependency problem at the same time, and a Verifier digital human starts verification as soon as the environment is ready:
Autonomous collaboration — several digital humans report progress and allocate the remaining quota at the same time; the user can @ any digital human to intervene at any point:
The system automatically generates a structured vulnerability report including full exploit-chain analysis, an attack-flow diagram and verification evidence:
Full exploit-chain analysis — automatically draws the complete call chain from the attack entry point to the final impact:
Verification evidence and PoC — includes detailed test steps such as time-based blind injection verification and UNION SELECT probing, plus key evidence (HTTP requests/responses):
Full report example: AUTHBYPASS + SQLI-0.md