appsecco / vulnerable-mcp-servers-labLinks
A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.
☆196Updated 3 weeks ago
Alternatives and similar repositories for vulnerable-mcp-servers-lab
Users that are interested in vulnerable-mcp-servers-lab are comparing it to the libraries listed below
Sorting:
- Enumeration/exploit/analysis/download/etc pentesting framework for GCP; modeled like Pacu for AWS; a product of numerous hours via @Webbi…☆275Updated 8 months ago
- A tool to help pentesters quickly identify privileged principals and second-order privilege escalation opportunities in unfamiliar AWS ac…☆138Updated 2 months ago
- Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments☆141Updated last year
- AIGoat: A deliberately Vulnerable AI Infrastructure. Learn AI security through solving our challenges.☆262Updated 4 months ago
- Hands-on MCP security lab: 10 real incidents reproduced with vulnerable/secure MCP servers, pytest regressions, and Claude/Cursor battle-…☆68Updated last month
- A web CTF for training developers in bug hunting and secure coding!☆100Updated last year
- ☆191Updated 9 months ago
- Payloads for AI Red Teaming and beyond☆314Updated 4 months ago
- Offensive Kubernetes Threat Matrix -- kubenomicon.com☆46Updated 5 months ago
- ☆236Updated 3 weeks ago
- AWS IAM Username Enumerator and Password Spraying Tool in Python3☆86Updated last month
- A tool for scanning public or private AMIs for sensitive files and secrets. The tool follows the research made on AWS CloudQuarry where w…☆113Updated last year
- An AWS IAM Privilege Escalation Path Library☆103Updated this week
- RansomWhen is a tool to enumerate identities that can lock S3 Buckets using KMS, resulting in ransomwares, as well as detect occurances o…☆59Updated 11 months ago
- A research project to add some brrrrrr to Burp☆196Updated 11 months ago
- Secrets Ninja is an GUI tool for validating & investigating API keys discovered during pentesting & bug bounty hunting.☆157Updated last month
- Feed it a number. Your cloned voice does the social engineering, while you sip your coffee. A ghost that talks on the phone for you.☆108Updated 7 months ago
- A tool to keep AWS pentests and red teams efficient, organized, and stealthy.☆96Updated 2 weeks ago
- ☆117Updated 2 weeks ago
- FrogPost: postMessage Security Testing Tool☆105Updated last month
- Burp Suite extension for testing Passkey systems.☆75Updated 9 months ago
- Halberd : Multi-Cloud Agentic Attack Tool☆328Updated last week
- gubble is a tool designed to audit Google Workspace group settings. It analyzes settings such as who can join, view membership, post mess…☆79Updated 7 months ago
- A simple script which implements different Cognito attacks such as Account Oracle or Priviledge Escalation☆109Updated last year
- Putting a leash on naughty AWS permissions☆132Updated 4 months ago
- This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs☆37Updated last year
- Dredging up secrets from the depths of the file system☆131Updated last year
- IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.☆106Updated 2 years ago
- This repo contains IOC, malware and malware analysis associated with Public cloud☆248Updated last year
- Verizon Burp Extensions: AI Suite☆141Updated 8 months ago