You can install it here: github.com/0xacb/recoll...
08.08.2025 01:38 — 👍 1 🔁 0 💬 0 📌 0
@0xacb.com.bsky.social
Hacker grinding for L1gh7 and Fr33dφm, straight outta the cosmic realm. Co-founder @ethiack.com https://0xacb.com
Just released a new recollapse version thanks to @ryancbarnnet and @4ng3lhacker after their talk in BlackHat today.
What’s new?
💥Mode 6: Fuzz case folding/upper/lower
💥 Mode 7: Fuzz byte truncations
💥 Recollapse can now be used as a python library and is available on PyPI
Check it out 👇
Want to learn how to hack LLMs? The research team at
@ethiack.com just launched a 5-level CTF.
And we’ll be handing prizes to top performers every week, including @caido.io licenses!
👉 hacktheagent.com
We just dropped some research and used our hackbot to take it further. Read and go bypass some WAFs 🚨
Congrats Bruno Mendes for the great research 🔥
How to use ScrapeGraphAI to generate a summary of a webpage and use NLTK to turn it into a target specific wordlist.
You'll find the nlp.py example script here 👉 https://blog.ethiack.com/blog/dont-fear-the-ai-reaper-using-llms-to-hack-better-and-faster
If you want to learn more about the latest in AI for hacking, check out HackAICon.
It will take place on September 25 in Lisbon:
If you're learning about vibe hacking, here's a cool article demonstrating how Matthew Keeley used AI to create a working exploit for CVE-2025-32433 before any public PoCs existed!
Well worth a read 👇
https://platformsecurity.com/blog/CVE-2025-32433-poc
28.07.2025 10:45 — 👍 1 🔁 0 💬 0 📌 0
You can also use LLMs and tools like alterx to generate a list of permutations from the extracted wordlist!
Learn more in my recent blog post:
How to grab subs for a target using subfinder, validate them and extract the text body from each response using httpx and jq, extract a wordlist of keywords using NLP then resolve them using puredns to find valid subdomains 👇
28.07.2025 08:28 — 👍 5 🔁 2 💬 2 📌 0
Is AI our ultimate test? Just watched @tristanharris's mind-blowing talk.
Remember him from The Social Dilemma? In this video, he explores how we may be repeating social media mistakes with AI but at a much more cosmic scale.
If you care about our collective future: https://tinyurl.com/3krd76zj
Then, you can basically combine multiple tools to find more subdomains like this 👇
25.07.2025 11:37 — 👍 0 🔁 0 💬 1 📌 0
✅ Fetch all subdomains and scrape their content
✅ Use NLTK to tokenize, lemmatize, and filter relevant terms
✅ Remove stop words, apply length filters + rank by frequency
✅ Combine extracted keywords with LLMs for enrichment
Tools like Subwiz and alterx are great, but I also like to combine the power of LLMs with traditional NLP.
Here's how (read thread 🧵)
Have you checked out @hadriansecurity's subwiz?
It's a recon tool that uses ML to predict and resolve subdomains👇
At @ethiack.com, we are organizing HackAICon on September 25th in Lisbon.
If you're interested in learning more, you can find details at:
Ready to explore how AI is transforming Ethical Hacking?
We've put together some introductory hands-on examples including:
🔍 Recon & Discovery
⚡ Exploit Development
🤖 Hackbots
🧠 Integrations & Plugins
🏆 CTF Challenges
Check it out: https://github.com/ethiack/ai4eh
Vibe coding became a thing. Everyone can now code, but where does that lead us regarding security?
We turned our time machine on and did a little trip to 2035 to get some answers 👀
Love the nowafpls Burp extension by @assetnote to bypass WAFs but using Caido?
@Rhynorater recreated it for @CaidoIO.
Check it out 👇
Want to learn more about the latest in AI hacking?
Then you may not want to miss HackAICon. It's gonna happen on September 25! Register at:
What's your take?
I just wrote a blog on this called "Don't fear the AI reaper" to share my thoughts.
Read it here: https://blog.ethiack.com/blog/dont-fear-the-ai-reaper-using-llms-to-hack-better-and-faster
More takes in the workshop doc.
Looking for new bypasses or gadgets in Chrome?
Google publicly shares upcoming Chrome features through 'Intent to Ship' posts for community review.
Definitely worth keeping an eye on 👇
https://groups.google.com/a/chromium.org/g/blink-dev
Shout-out to @ctbbpodcast.bsky.social for the tip!
Want to learn more about the latest in AI hacking?
Then you may not want to miss HackAICon. It's gonna happen on September 25!
Register now:
Vibe coded a PHP app using Claude Code.
Path traversal is prevented via basename functions.
Can you still exploit it? 🤔
A shell is waiting for you at https://ai4eh.ethiack.ninja
DMARC can reveal more domains associated with a target.
https://dmarc.live/info/<target-domain> allows you to find domains using the same DMARC record. Check it out 👇
There's also a Python tool: https://github.com/Tedixx/dmarc-subdomains
A cool recon trick to find more targets is to check out CSP policies for juicy assets.
csprecon can do this for you 👉 https://github.com/edoardottt/csprecon