Skip to content
@appsecco

Appsecco

VA/PT | DevSecOps | Cloud Native Security | Kubernetes | Docker | AWS

Pinned Loading

  1. mcp-client-and-proxy mcp-client-and-proxy Public

    A universal MCP client with proxying feature to interact with MCP Servers which support STDIO transport.

    Python 16 3

  2. pentesting-mcp-servers-checklist pentesting-mcp-servers-checklist Public

    A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and lic…

    31 4

  3. breaking-and-pwning-apps-and-servers-aws-azure-training breaking-and-pwning-apps-and-servers-aws-azure-training Public

    Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

    CSS 951 258

  4. dvna dvna Public

    Damn Vulnerable NodeJS Application

    SCSS 766 879

  5. the-art-of-subdomain-enumeration the-art-of-subdomain-enumeration Public

    This repository contains all the supplement material for the book "The art of sub-domain enumeration"

    Python 663 153

  6. vulnerable-mcp-servers-lab vulnerable-mcp-servers-lab Public

    A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.

    JavaScript 246 45

Repositories

Showing 10 of 56 repositories
  • mcp-client-and-proxy Public

    A universal MCP client with proxying feature to interact with MCP Servers which support STDIO transport.

    appsecco/mcp-client-and-proxy’s past year of commit activity
    Python 16 MIT 3 0 0 Updated Mar 31, 2026
  • vulnerable-mcp-servers-lab Public

    A collection of servers which are deliberately vulnerable to learn Pentesting MCP Servers.

    appsecco/vulnerable-mcp-servers-lab’s past year of commit activity
    JavaScript 246 MIT 45 0 1 Updated Dec 18, 2025
  • pentesting-mcp-servers-checklist Public

    A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.

    appsecco/pentesting-mcp-servers-checklist’s past year of commit activity
    31 CC-BY-4.0 4 0 0 Updated Dec 18, 2025
  • raptor Public Forked from gadievron/raptor

    Raptor turns Claude Code into a general-purpose AI offensive/defensive security agent. By using Claude.md and creating rules, sub-agents, and skills, we configure the agent for adversarial thinking, and perform research or attack/defense operations.

    appsecco/raptor’s past year of commit activity
    Python 1 MIT 251 0 0 Updated Dec 2, 2025
  • dvcsharp-api Public

    Damn Vulnerable C# Application (API)

    appsecco/dvcsharp-api’s past year of commit activity
    C# 80 MIT 287 4 6 Updated Jul 15, 2024
  • kubernetes-ptaas-scripts Public

    Scripts to generate kubeconfig files required to perform a PT.

    appsecco/kubernetes-ptaas-scripts’s past year of commit activity
    Shell 1 MIT 0 0 0 Updated Apr 29, 2024
  • dvna Public

    Damn Vulnerable NodeJS Application

    appsecco/dvna’s past year of commit activity
    SCSS 766 MIT 879 2 12 Updated Mar 27, 2024
  • dvja Public

    Damn Vulnerable Java (EE) Application

    appsecco/dvja’s past year of commit activity
    CSS 148 MIT 549 2 16 Updated Jan 23, 2024
  • kubeseco Public

    Application Security Workflow Automation using Docker and Kubernetes

    appsecco/kubeseco’s past year of commit activity
    JavaScript 23 MIT 10 2 6 Updated Dec 11, 2022
  • breaking-and-pwning-apps-and-servers-aws-azure-training Public

    Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

    appsecco/breaking-and-pwning-apps-and-servers-aws-azure-training’s past year of commit activity
    CSS 951 MIT 258 1 0 Updated Nov 26, 2022
View all repositories

Top languages

Loading…

Most used topics

Loading…