A practical, community-driven checklist for pentesting MCP servers. Covers traffic analysis, tool-call behavior, namespace abuse, auth flows, and remote server risks. Maintained by Appsecco and licensed for remixing.

A universal MCP client with proxying feature to interact with MCP Servers which support STDIO transport.

Damn Vulnerable C# Application (API)

Scripts to generate kubeconfig files required to perform a PT.

Damn Vulnerable NodeJS Application

Damn Vulnerable Java (EE) Application

Application Security Workflow Automation using Docker and Kubernetes

Course content, lab setup instructions and documentation of our very popular Breaking and Pwning Apps and Servers on AWS and Azure hands on training!

A simple PHP application to learn SQL Injection detection and exploitation techniques.