Burp Suite Extension useful to verify OAUTHv2 and OpenID security
☆191Dec 3, 2024Updated last year
Alternatives and similar repositories for oauth-scan
Users that are interested in oauth-scan are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆176Oct 26, 2024Updated last year
- This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.☆36May 14, 2022Updated 3 years ago
- ☆105Oct 18, 2020Updated 5 years ago
- UAC-ByPass utils☆11Jan 28, 2022Updated 4 years ago
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.☆118Jun 17, 2023Updated 2 years ago
- 1-Click AI Models by DigitalOcean Gradient • AdDeploy popular AI models on DigitalOcean Gradient GPU virtual machines with just a single click. Zero configuration with optimized deployments.
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.☆329Mar 27, 2024Updated 2 years ago
- A projectdiscovery driven attack surface monitoring bot powered by axiom☆189Aug 11, 2022Updated 3 years ago
- Real world bug bounty wordlists☆118Jul 20, 2023Updated 2 years ago
- ☆74Nov 5, 2018Updated 7 years ago
- ☆1,202Sep 2, 2022Updated 3 years ago
- ☆32Sep 23, 2022Updated 3 years ago
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)☆42Nov 10, 2025Updated 6 months ago
- This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com☆107Aug 6, 2022Updated 3 years ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.☆427Apr 8, 2026Updated last month
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆296Sep 22, 2024Updated last year
- Just some bash scripting to help your recon.☆16Feb 4, 2026Updated 3 months ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆49Apr 25, 2022Updated 4 years ago
- An aggressor script for Cobalt Strike to query Windows' GetLastError messages☆18Sep 25, 2022Updated 3 years ago
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities☆93Jun 11, 2023Updated 2 years ago
- A script used to query the dehashed API and filter for more useful results☆16Jun 20, 2021Updated 4 years ago
- A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities☆119Nov 23, 2023Updated 2 years ago
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.☆486Jul 9, 2024Updated last year
- Convert an IP into Alternative / Obfuscated versions of itself☆14Aug 13, 2022Updated 3 years ago
- Bare Metal GPUs on DigitalOcean Gradient AI • AdPurpose-built for serious AI teams training foundational models, running large-scale inference, and pushing the boundaries of what's possible.
- BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔☆855Jun 27, 2022Updated 3 years ago
- Client Side Prototype Pollution Scanner☆525Sep 17, 2022Updated 3 years ago
- A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati…☆398Mar 6, 2026Updated 2 months ago
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a…☆18May 17, 2020Updated 5 years ago
- Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (c…☆1,117Nov 9, 2024Updated last year
- List DTDs and generate XXE payloads using those local DTDs.☆656Feb 21, 2024Updated 2 years ago
- I collected it to help the bug hunter get a reward☆57Sep 7, 2022Updated 3 years ago
- security.txt collection of most popular world-wide domains☆56Sep 25, 2023Updated 2 years ago
- ☆88Jul 31, 2022Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- A wordlist of API names for web application assessments☆905Jun 17, 2025Updated 10 months ago
- Text4Shell scanner for Burp Suite☆189Oct 27, 2022Updated 3 years ago
- POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.☆17Jun 18, 2025Updated 10 months ago
- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…☆528Apr 23, 2025Updated last year
- Takeover subdomains using AWS dangling elastic ips and have a working POC for Subdomain Takeover.☆92Jul 9, 2025Updated 10 months ago
- CVE-2022-24112:Apache APISIX apisix/batch-requests RCE☆44Feb 22, 2022Updated 4 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆969Dec 31, 2021Updated 4 years ago