Burp Suite Extension useful to verify OAUTHv2 and OpenID security
☆191Dec 3, 2024Updated last year
Alternatives and similar repositories for oauth-scan
Users that are interested in oauth-scan are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security☆176Oct 26, 2024Updated last year
- This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.☆36May 14, 2022Updated 3 years ago
- ☆105Oct 18, 2020Updated 5 years ago
- UAC-ByPass utils☆11Jan 28, 2022Updated 4 years ago
- Simple extension that allows to run nuclei scanner directly from burp and transforms json results into the issues.☆118Jun 17, 2023Updated 2 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.☆330Mar 27, 2024Updated 2 years ago
- A projectdiscovery driven attack surface monitoring bot powered by axiom☆188Aug 11, 2022Updated 3 years ago
- Real world bug bounty wordlists☆117Jul 20, 2023Updated 2 years ago
- ☆74Nov 5, 2018Updated 7 years ago
- ☆1,202Sep 2, 2022Updated 3 years ago
- ☆32Sep 23, 2022Updated 3 years ago
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)☆42Nov 10, 2025Updated 5 months ago
- This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com☆106Aug 6, 2022Updated 3 years ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.☆428Apr 8, 2026Updated last week
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load☆295Sep 22, 2024Updated last year
- Just some bash scripting to help your recon.☆16Feb 4, 2026Updated 2 months ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆49Apr 25, 2022Updated 3 years ago
- An aggressor script for Cobalt Strike to query Windows' GetLastError messages☆18Sep 25, 2022Updated 3 years ago
- This lab is created to demonstrate pass-the-hash, blind sql and SSTI vulnerabilities☆93Jun 11, 2023Updated 2 years ago
- A script used to query the dehashed API and filter for more useful results☆16Jun 20, 2021Updated 4 years ago
- A Burp Suite Extension for Application Penetration Testing to map flows and vulnerabilities☆119Nov 23, 2023Updated 2 years ago
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation.☆485Jul 9, 2024Updated last year
- Convert an IP into Alternative / Obfuscated versions of itself☆14Aug 13, 2022Updated 3 years ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔☆856Jun 27, 2022Updated 3 years ago
- Client Side Prototype Pollution Scanner☆524Sep 17, 2022Updated 3 years ago
- A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati…☆400Mar 6, 2026Updated last month
- Burp Extension for copying requests safely. It redacts headers like Cookie, Authorization and X-CSRF-Token for now. More support can be a…☆18May 17, 2020Updated 5 years ago
- Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (c…☆1,111Nov 9, 2024Updated last year
- List DTDs and generate XXE payloads using those local DTDs.☆655Feb 21, 2024Updated 2 years ago
- I collected it to help the bug hunter get a reward☆57Sep 7, 2022Updated 3 years ago
- security.txt collection of most popular world-wide domains☆56Sep 25, 2023Updated 2 years ago
- A wordlist of API names for web application assessments☆887Jun 17, 2025Updated 10 months ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- ☆88Jul 31, 2022Updated 3 years ago
- Text4Shell scanner for Burp Suite☆189Oct 27, 2022Updated 3 years ago
- POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability.☆17Jun 18, 2025Updated 10 months ago
- Fetch web pages using headless Chrome, storing all fetched resources including JavaScript files. Run arbitrary JavaScript on many web pag…☆528Apr 23, 2025Updated 11 months ago
- Takeover subdomains using AWS dangling elastic ips and have a working POC for Subdomain Takeover.☆92Jul 9, 2025Updated 9 months ago
- CVE-2022-24112:Apache APISIX apisix/batch-requests RCE☆44Feb 22, 2022Updated 4 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆965Dec 31, 2021Updated 4 years ago