SECFORCE
@SECFORCE_LTD
Security without compromise

AI Security Tools - November 2025

🧰 awesome-claude-skills - Curated Claude Skills collection with a Security & Systems section wiring Claude into web fuzzing, MCP hardening, and security automation workflows. ⭐️5.5k github.com/ComposioHQ/awe… by @composiohq - @prathitjoshi_, @Evyatar_Bluzer, @LeoVS09, Hong Cing Chen
🧰 IoT HackBot - IoT security toolkit combining Python CLI tools and Claude Code skills for automated discovery, firmware analysis, and exploitation-focused testing of IoT devices. ⭐️339 github.com/BrownFineSecur… by Brown Fine Security - @nmatt0
🧰 PatchEval - Benchmark for evaluating LLMs and agents on patching real-world vulnerabilities using Dockerized CVE testbeds and automated patch validation. ⭐️138 github.com/bytedance/Patc… by @BytedanceTalk - Jun ZENG, Zichao Wei, Shiqi Zhou
🧰 VulnRisk - Open-source vulnerability-risk assessment platform providing transparent, context-aware scoring beyond CVSS — ideal for local development and testing. ⭐️84 github.com/GurkhaShieldFo…
🧰 Wazuh-MCP-Server - Exposes Wazuh SIEM and EDR telemetry via Model Context Protocol so LLM agents can run threat-hunting and response playbooks against real data. ⭐️83 github.com/gensecaihq/Waz… by @GensecAI
🧰 mcp-checkpoint - Continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-tool communications. ⭐️81 github.com/aira-security/… by @Aira_Security
🧰 ai-reverse-engineering - AI-assisted reverse engineering tool letting an MCP-driven chat interface orchestrate Ghidra to analyze binaries for security research. ⭐️42 github.com/biniamf/ai-rev… by @TIIuae - @biniamfisseha
🧰 whisper_leak - Research toolkit showing how encrypted, streaming LLM conversations leak prompt information via packet sizes and timing; includes capture, training, and benchmark pipeline. ⭐️42 github.com/yo-yo-yo-jbo/w… by @yo_yo_yo_jbo
🧰 AI / LLM Red Team Field Manual & Consultant’s Handbook - Red-team playbook and consultant’s guide with attack prompts, RoE/SOW templates, OWASP/MITRE mappings, and testing workflows. ⭐️26 github.com/Shiva108/ai-ll… by @PenTestThor
🧰 LLMGoat - Deliberately vulnerable LLM lab for practicing and understanding OWASP Top 10 LLM vulnerabilities. ⭐️36 github.com/SECFORCE/LLMGo… by @SECFORCE_LTD - @thelicato, António Quina, Rodrigo Fonseca
🧰 Reversecore_MCP - Security-first MCP server empowering AI agents to orchestrate Ghidra, Radare2, and YARA for automated reverse engineering. ⭐️25 github.com/sjkim1127/Reve…
🧰 system-prompt-benchmark - Testing harness that runs LLM system prompts against 287 prompt-injection, jailbreak, and data-leak attacks using an Ollama-based judge. ⭐️3 github.com/KazKozDev/syst… by @KazKozDev
🧰 ctrl-alt-deceit - Extends MLEBench with sabotage tasks and monitoring tools to evaluate LLM agents that tamper with code, benchmarks, and usage logs. ⭐️3 github.com/TeunvdWeij/ctr… by @apolloaievals @Teun_vd_Weij
🧰 SOC-CERT AI Helper - Chrome extension using Gemini Nano and KEV-backed CVE enrichment to detect and prioritize web threats in-browser. ⭐️1 github.com/joupify/soc-ce… by joupify
🧰 aifirst-insecure-agent-labs - Chatbot agent exploit lab for practicing prompt injection, system-prompt extraction, and guardrail bypass with NeMo/regex guardrails. ⭐️1 github.com/trailofbits/ai… by @trailofbits - @willvandevanter
🧰 llm-security-framework - Security framework for AI-assisted development with tiered checklists, threat models, and docs to harden small AI projects quickly. ⭐️0 github.com/annablume/llm-… by Anna Blume
I'm happy to share the release of LLMGoat, an open source tool to learn about the OWASP Top 10 vulnerabilities for LLM apps. With LLMGoat you can deploy a containerized vulnerable environment and practice attacking it the way a real attacker would. secforce.com/llm-goat