Burp Suite Extension useful to verify OAUTHv2 and OpenID security
☆191 · Dec 3, 2024 · Updated last year
Alternatives and similar repositories for oauth-scan
Users that are interested in oauth-scan are comparing it to the libraries listed below.
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security ☆176 · Oct 26, 2024 · Updated last year
- This script just implements a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server. ☆36 · May 14, 2022 · Updated 3 years ago
- ☆105 · Oct 18, 2020 · Updated 5 years ago
- UAC-ByPass utils ☆11 · Jan 28, 2022 · Updated 4 years ago
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues. ☆118 · Jun 17, 2023 · Updated 2 years ago
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions. ☆329 · Mar 27, 2024 · Updated 2 years ago
- A projectdiscovery driven attack surface monitoring bot powered by axiom ☆188 · Aug 11, 2022 · Updated 3 years ago
- Real world bug bounty wordlists ☆116 · Jul 20, 2023 · Updated 2 years ago
- ☆74 · Nov 5, 2018 · Updated 7 years ago
- ☆1,202 · Sep 2, 2022 · Updated 3 years ago
- ☆32 · Sep 23, 2022 · Updated 3 years ago
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation) ☆42 · Nov 10, 2025 · Updated 4 months ago
- This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com ☆106 · Aug 6, 2022 · Updated 3 years ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. ☆426 · Feb 20, 2026 · Updated last month
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load ☆296 · Sep 22, 2024 · Updated last year
- Just some bash scripting to help your recon. ☆16 · Feb 4, 2026 · Updated last month
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to … ☆49 · Apr 25, 2022 · Updated 3 years ago
- An aggressor script for Cobalt Strike to query Windows' GetLastError messages ☆18 · Sep 25, 2022 · Updated 3 years ago
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities ☆93 · Jun 11, 2023 · Updated 2 years ago
- A script used to query the dehashed API and filter for more useful results ☆16 · Jun 20, 2021 · Updated 4 years ago
- A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities ☆119 · Nov 23, 2023 · Updated 2 years ago
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation. ☆484 · Jul 9, 2024 · Updated last year
- Convert an IP into Alternative / Obfuscated versions of itself ☆14 · Aug 13, 2022 · Updated 3 years ago
- BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔ ☆855 · Jun 27, 2022 · Updated 3 years ago
- A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati… ☆398 · Mar 6, 2026 · Updated 3 weeks ago
- Client Side Prototype Pollution Scanner ☆524 · Sep 17, 2022 · Updated 3 years ago
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a… ☆18 · May 17, 2020 · Updated 5 years ago
- Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (c… ☆1,103 · Nov 9, 2024 · Updated last year
- List DTDs and generate XXE payloads using those local DTDs. ☆653 · Feb 21, 2024 · Updated 2 years ago
- I collected it to help the bug hunter get a reward ☆56 · Sep 7, 2022 · Updated 3 years ago
- security.txt collection of most popular world-wide domains ☆56 · Sep 25, 2023 · Updated 2 years ago
- A wordlist of API names for web application assessments ☆873 · Jun 17, 2025 · Updated 9 months ago
- ☆88 · Jul 31, 2022 · Updated 3 years ago
- Text4Shell scanner for Burp Suite ☆189 · Oct 27, 2022 · Updated 3 years ago
- POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. ☆17 · Jun 18, 2025 · Updated 9 months ago
- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag… ☆529 · Apr 23, 2025 · Updated 11 months ago
- Takeover subdomains using AWS dangling elastic ips and have a working POC for Subdomain Takeover. ☆93 · Jul 9, 2025 · Updated 8 months ago
- CVE-2022-24112: Apache APISIX apisix/batch-requests RCE ☆44 · Feb 22, 2022 · Updated 4 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability ☆964 · Dec 31, 2021 · Updated 4 years ago