Tools, scripts, and research PoCs for Purple Team, Red Team, AI Security, Forensic, and Cloud security. Authorized use only.
Security Research Labs is the official Guardz repo for open-source security tooling: config analyzers, Microsoft 365 / Entra recon scripts, purple-team detection emulations, and AI skill security. MIT-licensed; each tool lives in a dedicated folder with its own README.
| Folder | Contents |
|---|---|
| AI-Cloud-Tools/ | AI: OpenClaw Analyzer, SkillScan. M365-Tools: OAuth IOCs checker, EntraReaper (MCP + AADInternals for authorized Entra ID red team). |
| Purple-Team-Emulation/ | Endpoint: certutil, EDR telemetry simulator, Office macro tampering, BloodHound emulation, Nmap scanning emulation. |
| CloudAdversary/M365/ | DeviceStrike, Entra ID Smart Lockout (Entra-ID-DOS), SPO Ext Recon, GraphRunner QuickStart. |
| Purple-Team-Emulation/GWS/ | Google Workspace security tools (placeholder). |
| Threat-Intel/ | IOCs, detection artifacts, threat intelligence. |
| Research/ | Research outputs, landscape studies, and reference materials (e.g. AiTM tools). |
Authorized use only. Use only on systems and tenants you own or have explicit permission to test.
Compliance & authorized use
- Authorized use only. These tools are for security research, authorized testing, and defensive operations. Use them only on systems and tenants you own or have explicit permission to test.
- No misuse. Do not use this repo to gain unauthorized access, exfiltrate data, or violate laws or organizational policies. Misuse is your responsibility.
- Operational risk. Recon and auth scripts can trigger alerts or rate limits. Coordinate with stakeholders and follow change management where required.
- Data handling. Output may contain sensitive information. Handle and retain it according to your classification and retention policies.
By using this repository you agree to use it in a lawful and authorized manner. See SECURITY.md for how to report vulnerabilities in the repo itself.
- Bugs and features: Open an issue. Use the issue templates when possible.
- Security vulnerabilities: Do not report in public issues. See SECURITY.md for private reporting.
- Discussions: Use GitHub Discussions for questions and ideas if enabled; otherwise open an issue.
- Contributions: Pull requests welcome. Read CONTRIBUTING.md and CODE_OF_CONDUCT.md first.
We do not provide formal SLAs or commercial support; we respond when we can.
MIT License. Subdirectories may contain their own license files; where present, they apply to that project.