MCPwned is a companion extension that enables pentesters to effectively test MCP servers. It recognizes MCP-like endpoints, provies a scanner and a tree-like display of capabilities, as well as a template request for each capability. It also provides quality of life features such as response extracting and session ID refresh.
☆20Jul 3, 2026Updated last week
Alternatives and similar repositories for MCPwned
Users that are interested in MCPwned are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven te…☆67Updated this week
- Combine words from two wordlist files and concatenate them with an optional delimiter☆40Sep 25, 2023Updated 2 years ago
- API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs☆107Updated this week
- A simple OAuth App designed to capture OAuth tokens when users authenticate through GitHub OAuth flow.☆25Apr 20, 2026Updated 2 months ago
- Organizational asset discovery tool with 20+ plugins covering certificate transparency, passive DNS, and all 5 Regional Internet Registri…☆85Updated this week
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 5 months ago
- An extension for Burp's Web Vulnerability Scanner that can detect API discovery metadata and extract data useful during recon.☆19Sep 13, 2025Updated 10 months ago
- A list of data breach lookup and other OSINT tools☆141Mar 30, 2026Updated 3 months ago
- The malicious IdP you were looking for. A weaponized Single Sign-On (SSO) Identity Provider (IdP) for security testing of OIDC and SAML 2…☆38Jun 6, 2026Updated last month
- Security AI helper for Caido: pipes your local Claude Code / Gemini / Codex / Copilot CLI through 18 MCP tools for manual web security te…☆37Jun 26, 2026Updated 2 weeks ago
- Smuggling C2 comms through links previews☆18Jun 17, 2026Updated 3 weeks ago
- 一款支持检测web应用程序未授权访问缺陷的burp suite插件,可自定义配置检测字段以及返回包json数据分析☆13Apr 22, 2024Updated 2 years ago
- Kibana app for RedELK☆18Mar 19, 2023Updated 3 years ago
- Burp plugin for jxscout☆22May 12, 2025Updated last year
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- ☆27Apr 12, 2026Updated 3 months ago
- Step-by-step documentation on how to decrypt SCCM database secrets offline☆50Oct 20, 2025Updated 8 months ago
- OWASP Foundation Web Respository☆11Jul 1, 2026Updated last week
- AWS Quick Start Team☆16Oct 3, 2024Updated last year
- Python CLI that creates GitHub repos with safe defaults — branch protection, Dependabot, secret scanning, and pre-flight security scannin…☆38Jul 7, 2026Updated last week
- Windows native ETW inspection suite for browsing providers, reading metadata, consuming live events, recording ETL traces, filtering resu…☆86Jun 27, 2026Updated 2 weeks ago
- OpenGraph Collector for Tailscale☆43Updated this week
- some bare tooling for interacting with Blazor Server☆14Aug 5, 2022Updated 3 years ago
- Jailbreaker is a local evaluation tool for testing chatbot and agent-style systems against jailbreak, prompt-injection, and related failu…☆63Jun 26, 2026Updated 2 weeks ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- A collaborative web exploitation framework.☆28Updated this week
- Detect public repository dependencies in the GitHub repositories with an orphan required library.☆24Jun 19, 2026Updated 3 weeks ago
- Send high priority Deep Security events to the AWS Security Hub☆13Jul 31, 2019Updated 6 years ago
- Experimental Linux strace LLM agent☆20Apr 23, 2026Updated 2 months ago
- ☆29Nov 22, 2023Updated 2 years ago
- Proteus is a plugin for Claude Code, Codex and Opencode, plus a local runtime, for structured, continuous vulnerability research.☆27Updated this week
- ☆79Jan 1, 2026Updated 6 months ago
- All-round bug bounty skill for Claude Code parallelized agents for smart contract audits (EVM, Move, Solana, TRON), web/API security, an…☆174Updated this week
- Framework for Automated Security Testing that is Scaleable and Asynchronous built on Microservices☆18Oct 13, 2016Updated 9 years ago
- Simple, predictable pricing with DigitalOcean hosting • AdAlways know what you'll pay with monthly caps and flat pricing. Enterprise-grade infrastructure trusted by 600k+ customers.
- Code for our opus 4.6 vulnerability detection benchmark☆19May 11, 2026Updated 2 months ago
- Janus analyzes C2 telemetry to surface failure patterns, operator friction, and automation opportunities across engagements.☆54Jun 23, 2026Updated 3 weeks ago
- Executing Shellcode with ReadDirectoryChanges’s Hidden Callback☆31Oct 13, 2025Updated 9 months ago
- ☆158Mar 31, 2026Updated 3 months ago
- CICD Abuse Detection☆40Apr 28, 2026Updated 2 months ago
- Subdomain Scanner - the most exhaustive tool for sub-domain recognition and mapping to related IPs and ASNs☆18Jul 4, 2025Updated last year
- A local tool for ingesting Windows Patch Tuesday CVEs, diffing patched binaries with Ghidriff and surfacing LLM-generated security analys…☆55May 19, 2026Updated last month