Appsecco

All

55 repositories

raptor
Public
Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, we configure the agent for adversarial thinking, and perform research or attack/defense operations.
Python
•
MIT License
•79•0•0•0•Updated Dec 2, 2025Dec 2, 2025
pentesting-mcp-servers-checklist
Public
A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.
Creative Commons Attribution 4.0 International
•2•13•0•0•Updated Nov 27, 2025Nov 27, 2025
mcp-client-and-proxy
Public
A universal MCP client with proxying feature to interact with MCP Servers which support STDIO transport.
Python
•
MIT License
•1•9•0•0•Updated Nov 16, 2025Nov 16, 2025
dvcsharp-api
Public
Damn Vulnerable C# Application (API)
C#
•
MIT License
•281•78•4•6•Updated Jul 15, 2024Jul 15, 2024
kubernetes-ptaas-scripts
Public
Scripts to generate kubeconfig files required to perform a PT.
Shell
•
MIT License
•0•1•0•0•Updated Apr 29, 2024Apr 29, 2024
dvna
Public
Damn Vulnerable NodeJS Application
nodejs testing security hack owasp vulnerable owasp-top-10 vulnerable-apps dvna
SCSS
•
MIT License
•830•755•2•12•Updated Mar 27, 2024Mar 27, 2024
dvja
Public
Damn Vulnerable Java (EE) Application
java docker vulnerable-app
CSS
•
MIT License
•526•144•2•16•Updated Jan 23, 2024Jan 23, 2024
kubeseco
Public
Application Security Workflow Automation using Docker and Kubernetes
JavaScript
•
MIT License
•10•23•2•6•Updated Dec 11, 2022Dec 11, 2022
breaking-and-pwning-apps-and-servers-aws-azure-training
Public
Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!
opensource penetration-testing free application-security pentesting aws-security azure-security
CSS
•
MIT License
•259•945•1•0•Updated Nov 26, 2022Nov 26, 2022
sqlinjection-training-app
Public
A simple PHP application to learn SQL Injection detection and exploitation techniques.
exploit sql-injection application-security web-security appsec vulnerable-web-app owasp-top-10 owasp-top-ten vulnerable-apps training-app
PHP
•
MIT License
•57•126•0•2•Updated Oct 18, 2022Oct 18, 2022
prowler-aws-securityhub-integration
Public
Using Prowler to Automate Compliance Checks for AWS CIS Benchmarks
Python
•
MIT License
•6•9•0•0•Updated Oct 11, 2022Oct 11, 2022
django-rev-shell
Public
A simple django app to provide a reverse shell when deployed and invoked.
Python
•
MIT License
•5•5•0•0•Updated May 30, 2022May 30, 2022
vulnerable-apps
Public
docker security ansible applications labs vulnerabilities
Python
•
Apache License 2.0
•62•218•0•0•Updated Mar 25, 2022Mar 25, 2022
opa-traefik-microservice-authz
Public
Proof of concept implementation of a scenario using Open Policy Agent for microservices authorization in API Gateway (Traefik).
JavaScript
•
MIT License
•8•43•0•1•Updated Jan 5, 2021Jan 5, 2021
raneto-docker
Public
Docker container for Markdown based Raneto Knowledgebase
docker markdown devops automation knowledgebase raneto
JavaScript
•14•39•0•1•Updated Dec 28, 2020Dec 28, 2020
sqlinjectionloginbypass
Public
A simple app to demo SQL Injection login bypass
PHP
•
MIT License
•17•26•0•0•Updated Dec 15, 2020Dec 15, 2020
anchore-engine
Public
A service that analyzes docker images and applies user-defined acceptance policies to allow automated container image validation and certification
Python
•
Apache License 2.0
•273•0•0•0•Updated Sep 10, 2020Sep 10, 2020
asn-search-api
Public
A Golang API over MaxMind ASN database
Go
•
MIT License
•2•2•0•0•Updated Jul 30, 2020Jul 30, 2020
container-image-scanner-api
Public
A minimalist Go API to scan Docker images for security vulnerabilities and weaknesses
Go
•
MIT License
•3•2•0•0•Updated Jul 30, 2020Jul 30, 2020
CloudPentestCheatsheets
Public
This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage cloud providers.
MIT License
•553•22•0•0•Updated Jun 14, 2020Jun 14, 2020
kube-scan
Public
kube-scan: Octarine k8s cluster risk assessment tool
Go
•
MIT License
•107•1•0•0•Updated May 11, 2020May 11, 2020
attacking-cloudgoat2
Public
A step-by-step walkthrough of CloudGoat 2.0 scenarios.
aws documentation pentesting walkthrough aws-security cloud-security pentesting-resources cloudgoat
MIT License
•52•134•0•0•Updated Apr 28, 2020Apr 28, 2020
kccss
Public
Kubernetes Common Configuration Scoring System
TypeScript
•
MIT License
•21•0•0•0•Updated Apr 23, 2020Apr 23, 2020
secrets-in-google-cloud-run-with-google-cloud-build
Public
Baking secrets in Google Cloud Run containers using Google Cloud Build
Python
•
MIT License
•2•2•0•0•Updated Mar 18, 2020Mar 18, 2020
devsecops-using-cloudnative-workshop
Public
This repo contains workshop material delivered at #nullcon2020
HTML
•
MIT License
•14•16•0•1•Updated Mar 6, 2020Mar 6, 2020
VyAPI
Public
VyAPI - A cloud based vulnerable hybrid Android App
application-security aws-cognito mobile-security vulnerable-app
Java
•
MIT License
•25•86•1•0•Updated Feb 21, 2020Feb 21, 2020
spaces-finder
Public
A tool to hunt for publicly accessible DigitalOcean Spaces
osint infosec pentesting recon reconnaissance digitalocean-spaces spaces-finder
Python
•
MIT License
•29•157•0•0•Updated Jan 21, 2020Jan 21, 2020
defcon-26-workshop-attacking-and-auditing-docker-containers
Public
DEF CON 26 Workshop - Attacking & Auditing Docker Containers Using Open Source
docker security security-audit opensource containers pentesting defcon
40•109•0•1•Updated Nov 18, 2019Nov 18, 2019
c0c0n-2019-ctf-writeups
Public
CTF write-ups from c0c0n 2019 CTF challenges that we participated
MIT License
•4•7•0•0•Updated Oct 5, 2019Oct 5, 2019
J2M
Public
[UNMAINTAINED] Convert from JIRA text formatting to GitHub Flavored MarkDown and back again
JavaScript
•137•0•0•0•Updated Jun 16, 2019Jun 16, 2019