Open-source
What we ship, for free.
Public repos from the SL7 lab. Auditors, exploit chains, scanners, and primitives we wanted ourselves. MIT-licensed where applicable. Fork, file issues, send PRs.
Repositories
Eight tools, still in the open.
Star counts and forks from github.com/securelayer7. Click through for source, README, and issues.
sandyaa — autonomous code auditor that keeps digging until it finds and proves real bugs
CVE-2024-38856_Scanner — Apache OFBiz pre-auth RCE scanner
PinNinja — identify UART RX/TX/GND pins on unknown hardware
pwnfb50 — FB50 smart-lock takeover (CVE-2019-13143) exploit + write-up
PROMPTPurify — prompt-injection guardrail for LLM-backed apps
CVE research
Twenty disclosures catalogued in NVD.
Every CVE SecureLayer7 has disclosed, with the year, vendor, and write-up link. Maintained at Security advisories.
Contribute
Found a bug, or want to extend one of these?
File an issue on GitHub. We triage weekly. For security-sensitive reports, mail info@securelayer7.net first, not the public tracker.