Tools, scripts, and research PoCs for Purple Team, Red Team, AI Security, Forensic, and Cloud security. Authorized use only.
Security Research Labs is the official Guardz repo for open-source security tooling: config analyzers, Microsoft 365 / Entra recon scripts, purple-team detection emulations, and AI skill security. MIT-licensed; each tool lives in a dedicated folder with its own README.
| Folder | Contents |
|---|---|
| AI-Tools/ | AI security: OpenClaw Analyzer (config analysis), SkillScan (skill file/URL security scanning). |
| PurpleTeam-Emulation/ | Purple team / detection testing: Endpoint (certutil, EDR telemetry simulator, Office macro tampering emulation). |
| M365/ | Microsoft 365 / Entra: DeviceStrike, SPO Ext Recon, GraphRunner QuickStart. |
| GWS/ | Google Workspace security tools (placeholder). |
| Threat-Hunting/ | IOCs, detection artifacts, threat intelligence (IOCs placeholder). |
For teams that rely on the same caliber of intelligence and tooling as the Microsoft Threat Intelligence, Mandiant (Google Cloud), and Anthropic GitHub organizations: open, actionable tools for defenders, red teams, and AI security.
| Audience | Use case |
|---|---|
| Cloud Security | Microsoft 365 and Google Workspace. |
| AI security | Securing AI assistants and agents: config hardening, exposure detection, supply-chain and skill safety. |
| Purple team | Hardening checks, config review, detection-oriented recon. |
| Red team | Authorized recon, token flows, M365/cloud attack-surface mapping. |
| Forensic | Evidence gathering, mailbox/SharePoint/Teams search patterns, audit trails. |
Use only on systems and tenants you own or have explicit permission to test.
- Authorized use only. These tools are for security research, authorized testing, and defensive operations. Use them only on systems and tenants you own or have explicit permission to test.
- No misuse. Do not use this repo to gain unauthorized access, exfiltrate data, or violate laws or organizational policies. Misuse is your responsibility.
- Operational risk. Recon and auth scripts can trigger alerts or rate limits. Coordinate with stakeholders and follow change management where required.
- Data handling. Output may contain sensitive information. Handle and retain it according to your classification and retention policies.
By using this repository you agree to use it in a lawful and authorized manner. See SECURITY.md for how to report vulnerabilities in the repo itself.
- Bugs and features: Open an issue. Use the issue templates when possible.
- Security vulnerabilities: Do not report in public issues. See SECURITY.md for private reporting.
- Discussions: Use GitHub Discussions for questions and ideas if enabled; otherwise open an issue.
- Contributions: Pull requests welcome. Read CONTRIBUTING.md and CODE_OF_CONDUCT.md first.
We do not provide formal SLAs or commercial support; we respond when we can.
MIT License. Subdirectories may contain their own license files; where present, they apply to that project.