Stars
A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licโฆ
C2concealer is a command line tool that generates randomized C2 malleable profiles for use in Cobalt Strike.
APT & CyberCriminal Campaign Collection
Various public documents, whitepapers and articles about APT campaigns
Tool to discover external and internal network attack surface
Appsecco training course content on Attacking and Auditing Dockers Containers and Kubernetes Clusters
A collection of Azure AD/Entra tools for offensive and defensive security purposes
TREVORspray is a modular password sprayer with threading, clever proxying, loot modules, and more!
A password spraying tool for Microsoft Online accounts (Azure/O365). The script logs if a user cred is valid, if MFA is enabled on the account, if a tenant doesn't exist, if a user doesn't exist, iโฆ
Scripts to make password spraying attacks against Lync/S4B, OWA & O365 a lot quicker, less painful and more efficient
Wordlists for creating statistically likely username lists for use in password attacks and security testing
A wordlist of API names for web application assessments
Enumerate information from NTLM authentication enabled web endpoints ๐
Uncover forgotten secrets and bring them back to life, haunting security and operations teams.
A collection of red team and adversary emulation resources developed and released by MITRE.
A curated list of awesome BloodhoundAD resources
Automated Attack Simulation in the Cloud, complete with detection use cases.
This repository contains cutting-edge open-source security tools (OST) for a red teamer and threat hunter.
A centralized dashboard for running and scheduling WordPress scans powered by wpscan utility.
Retired beginner/intermediate malware analysis training materials from @pedramamini and @erocarrera.
MONARC - Method for an Optimised aNAlysis of Risks by @NC3-LU
Targeted evil twin attacks against WPA2-Enterprise networks. Indirect wireless pivots using hostile portal attacks.
๐ A toolkit for testing, tweaking and cracking JSON Web Tokens
Python template to assist with buffer overflows
Python script for converting nessus report file into csv format
A datasource assessment on an event level to show potential coverage or the MITRE ATT&CK framework