Holistic Application Security — Offensive & Defensive Open Source Tooling
A complete open-source ecosystem for application security. From AI-powered pentesting to LLM guardrails and structured assessment methodologies.
What We Do
AI-driven penetration testing, automated vulnerability scanning, and exploit validation. Let intelligent agents find what manual testing misses.
LLM guardrails, prompt injection protection, and runtime monitoring. Intercept threats before they reach your models and applications.
Structured assessment frameworks and community-driven knowledge. Repeatable, thorough security reviews built on proven standards.
Open Source Projects
AI-Driven Penetration Testing Agent
Claude orchestrates security tools autonomously—deciding what to run, in what order, and when to stop. Containerized tooling with a real-time dashboard and 50+ integrated security utilities.
LLM Guardrail Proxy
Intercepts and scans all LLM communications for prompt injection, toxicity, and leaked secrets. Works with any provider—OpenAI, Anthropic, Azure, Ollama. Three integration modes: Direct Scan, Gateway Hook, Transparent Proxy.
Whitebox Security Assessment Methodology
A structured, step-by-step guide for comprehensive application security assessments. Built for security champions and AppSec engineers embedding security into the development cycle.
Security Skills & Knowledge Base
Curated collection of pentesting skills covering AI red teaming, container security, OSINT, threat modeling, network assessment, and more. Community-driven and open for contribution.
The Ecosystem
Every tool feeds the next. Methodology informs testing, testing reveals what to defend, defense generates knowledge, and knowledge refines the methodology.
Continuous cycle: knowledge feeds back into methodology.
Community
NullPointer is fully open source and community-driven. Whether you're a pentester, security engineer, or developer—there's a place for you. Contribute code, share knowledge, or just hang out.