CiCiNL

wrongsecrets

Vulnerable app with examples showing how to not use secrets

centra-py-client

A Python client for Guardicore Centra API access.

MAAD-AF

MAAD Attack Framework - An attack tool for simple, fast & effective security testing of M365 & Entra ID (Azure AD).

DjangoOnKubernetes

Putting a basic Django application on Kubernetes via Helm

scope

Monitoring, visualisation & management for Docker & Kubernetes

BloodHound

Six Degrees of Domain Admin

maigret

🕵️‍♂️ Collect a dossier on a person by username from thousands of sites

vulnapi

Intentionaly very vulnerable API with bonus bad coding practices

vulnerable-graphql-api

A very vulnerable implementation of a GraphQL API.

Damn-Vulnerable-GraphQL-Application

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

node-api-goat

A simple Node.js Express REST app with some OWASP vulnerabilities.

DamnVulnerableMicroServices

This is vulnerable microservice written in many language to demonstrating OWASP API Top Security Risk (under development)

dvws-node

Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities.

VAmPI

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing

Pixi

The Pixi module is a MEAN Stack web app with wildly insecure APIs!

crAPI

completely ridiculous API (crAPI)

python-cybereason

Command line interface to interact with Cybereason via API

TCERT-Tesorion_Vulnerability_Explorer

juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

amass

In-depth attack surface mapping and asset discovery

vectra_api_tools

Community driven python library, scripts, and other utilities for interacting with the Vectra API

TCERT-Cumulonimbus-UAL_Extractor

Cumulonimbus-UAL_Extractor is a PowerShell based tool created by the Tesorion CERT team to help gather the Unified Audit Logging out of a Microsoft 365 environment.

awesome-threat-detection

✨ A curated list of awesome threat detection and hunting resources 🕵️‍♂️

exploitdb

The legacy Exploit Database repository - New repo located at https://gitlab.com/exploit-database/exploitdb

google-drive-ocamlfuse

FUSE filesystem over Google Drive

cybereason

Async Cybereason API client

PayloadsAllTheThings

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

log4shell

Operational information regarding the log4shell vulnerabilities in the Log4j logging library.

EDR-Testing-Script

Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads

awesome-python

A curated list of awesome Python frameworks, libraries, software and resources