Welcome to the Lorikeet Security GitHub. This is home to open-source tools, scanners, recon tooling, and security resources we've built and released to the community.

Lorikeet Security is an offensive security company delivering penetration testing, attack surface management, compliance and vCISO services, cyber awareness training, and CTF event hosting through a unified SaaS platform powered by Lory, our AI security assistant.

The repos below are open-source releases from Lorikeet Security and our event hosting brand, Parrot CTFs. Many are previous internal tooling we've open-sourced for the community to use, fork, and build on. Most are no longer actively maintained, but they're free to use under their respective licenses.

• PCTFS-MICROLABS: A free, standalone web application for hands-on cybersecurity skills practice. No subscription required.
• PCTFS_Crypto_Scanner: Analyze any local workspace or GitHub repository for cryptographic primitives, risky implementations, and secret handling.
• install-diy-local-lab: Deploy a local, scaled-down version of popular vulnerable lab environments without paying for a subscription.
• Grpc_TradingServer: Realtime price change server built with Kafka. Originally powered the Wall Street Hijack CTF challenge.
• parrot-recon: Recon automation tooling for bug bounty hunters.
• MobileApp-Pentest-Cheatsheet: A concise, high-value reference for mobile application penetration testing topics.
• OWASP-Testing-Checklist: An Excel-based OWASP web application security testing checklist for tracking test case status.
• pentest-automation: A growing collection of penetration testing automation scripts.
• Parrot_CTFs-Layan-gtk-theme: Parrot CTFs-branded GTK theme for AthenaOS.

• Penetration Testing (PTaaS): Web app, API, cloud, mobile, network, and red team assessments starting at $2,500, delivered through a real-time client portal with compliance-ready reports.
• Attack Surface Management (ASM): Continuous external monitoring for exposures your team might not know exist.
• Compliance & vCISO: SOC 2 Type II, ISO 27001, PCI DSS, HIPAA. Routing engine across pentest, evidence automation, and audit readiness, powered by Lory AI.
• Cyber Awareness & Phishing Simulations: 12 training modules, 57 lessons across 3 skill levels, with real-time analytics and compliance-ready reporting.
• AI Code Security Reviews: Targeted reviews for AI-generated codebases catching hardcoded secrets, missing auth, and open APIs.
• CTF Event Hosting (via Parrot CTFs): Professional, turnkey Capture the Flag events for hiring assessments, team training, and conferences. Custom pricing from ~$2,500.

Learn more at lorikeetsecurity.com.

These projects are open source and community contributions are welcome.

• Report Bugs: Open an issue on the relevant repository's GitHub Issues page.
• Submit PRs: Fork the repo, make your changes, and open a pull request. Keep commits focused and include context in your PR description.
• Sponsor: Support our open-source work via GitHub Sponsors.

Note: most of these repos are no longer actively maintained internally, so review and merge times may vary.

• Lorikeet Security: lorikeetsecurity.com
• Parrot CTFs (Events): parrot-ctfs.com
• Blog: parrot-ctfs.com/blog. Offensive security write-ups, vulnerability breakdowns, and threat intel.
• Support: support@lorikeetsecurity.com
• Social: Instagram · X / Twitter · LinkedIn · YouTube