Burp Suite Extension useful to verify OAUTHv2 and OpenID security
☆192 · Dec 3, 2024 · Updated last year
Alternatives and similar repositories for oauth-scan
Users that are interested in oauth-scan are comparing it to the libraries listed below.
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security ☆177 · Oct 26, 2024 · Updated last year
- This script just implements a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server. ☆36 · May 14, 2022 · Updated 4 years ago
- OWASP Amass data source scripts (assetfinder, findomain, github, subfinder) ☆105 · Oct 18, 2020 · Updated 5 years ago
- UAC-ByPass utils ☆11 · Jan 28, 2022 · Updated 4 years ago
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues. ☆118 · Jun 17, 2023 · Updated 2 years ago
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions. ☆328 · Mar 27, 2024 · Updated 2 years ago
- A projectdiscovery driven attack surface monitoring bot powered by axiom ☆190 · Aug 11, 2022 · Updated 3 years ago
- Real world bug bounty wordlists ☆118 · Jul 20, 2023 · Updated 2 years ago
- ☆74 · Nov 5, 2018 · Updated 7 years ago
- ☆1,201 · Sep 2, 2022 · Updated 3 years ago
- ☆32 · Sep 23, 2022 · Updated 3 years ago
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation) ☆42 · Nov 10, 2025 · Updated 6 months ago
- This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com ☆106 · Aug 6, 2022 · Updated 3 years ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. ☆426 · May 8, 2026 · Updated 3 weeks ago
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load ☆296 · Sep 22, 2024 · Updated last year
- Just some bash scripting to help your recon. ☆16 · Feb 4, 2026 · Updated 3 months ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to … ☆49 · Apr 25, 2022 · Updated 4 years ago
- An aggressor script for Cobalt Strike to query Windows' GetLastError messages ☆18 · Sep 25, 2022 · Updated 3 years ago
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities ☆94 · Jun 11, 2023 · Updated 2 years ago
- A script used to query the dehashed API and filter for more useful results ☆16 · Jun 20, 2021 · Updated 4 years ago
- A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities ☆120 · Nov 23, 2023 · Updated 2 years ago
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation. ☆487 · Jul 9, 2024 · Updated last year
- Convert an IP into Alternative / Obfuscated versions of itself ☆14 · Aug 13, 2022 · Updated 3 years ago
- BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔ ☆855 · Jun 27, 2022 · Updated 3 years ago
- A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati… ☆397 · May 22, 2026 · Updated last week
- Client Side Prototype Pollution Scanner ☆526 · Sep 17, 2022 · Updated 3 years ago
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a… ☆19 · May 17, 2020 · Updated 6 years ago
- Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (c… ☆1,115 · Nov 9, 2024 · Updated last year
- List DTDs and generate XXE payloads using those local DTDs. ☆661 · Feb 21, 2024 · Updated 2 years ago
- I collected it to help the bug hunter get a reward ☆57 · Sep 7, 2022 · Updated 3 years ago
- security.txt collection of most popular world-wide domains ☆56 · Sep 25, 2023 · Updated 2 years ago
- ☆88 · Jul 31, 2022 · Updated 3 years ago
- A wordlist of API names for web application assessments ☆908 · Jun 17, 2025 · Updated 11 months ago
- Text4Shell scanner for Burp Suite ☆189 · Oct 27, 2022 · Updated 3 years ago
- POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. ☆17 · Jun 18, 2025 · Updated 11 months ago
- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag… ☆530 · Apr 23, 2025 · Updated last year
- Takeover subdomains using AWS dangling elastic ips and have a working POC for Subdomain Takeover. ☆93 · Jul 9, 2025 · Updated 10 months ago
- CVE-2022-24112: Apache APISIX apisix/batch-requests RCE ☆43 · Feb 22, 2022 · Updated 4 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability ☆976 · Dec 31, 2021 · Updated 4 years ago