PortSwigger / oauth-scan
Burp Suite Extension useful to verify OAUTHv2 and OpenID security
☆183Updated last year
Related projects: ⓘ
- A projectdiscovery driven attack surface monitoring bot powered by axiom☆175Updated 2 years ago
- ☆143Updated last year
- Distribute ordinary bash commands over many systems☆161Updated 2 years ago
- GitHub Attack Toolkit - Extreme Edition☆151Updated this week
- Find authentication (authn) and authorization (authz) security bugs in web application routes.☆250Updated 2 months ago
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan.☆162Updated 4 months ago
- BurpSuite Extension: A one-stop pen testing checklist and logger tool☆258Updated last year
- Prototype pollution scanner using headless chrome☆196Updated 2 years ago
- Burp Suite extension that offers a toolkit for testing GraphQL endpoints.☆182Updated last month
- Create notes during a security code review in VSCode 📝 Import your favorite SAST tool findings 🛠️ and collaborate with others 🤝☆127Updated last year
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data.☆223Updated 8 months ago
- The AWS Enumerator was created for service enumeration and info dumping for investigations of penetration testers during Black-Box testin…☆172Updated 2 years ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters send to a target application a…☆151Updated 3 weeks ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.☆388Updated 3 weeks ago
- Automated learning of regexes for DNS discovery☆350Updated last year
- DEPRECATED, please use the new repository from OWASP: https://github.com/OWASP/raider☆138Updated 3 years ago
- Cloud agnostic IAM permissions enumerator☆138Updated 3 weeks ago
- Complex payload encoder☆207Updated 8 months ago
- ☆207Updated this week
- Generate a bunch of malicious pdf files with phone-home functionality. Can be used with Burp Collaborator☆169Updated 3 years ago
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …☆524Updated 9 months ago
- gRPC-Web Pentesting Suite + Burp Suite Extension☆159Updated 2 months ago
- Http request smuggling vulnerability scanner☆223Updated 2 years ago
- Offensive security and Penetration Testing TTP for Cloud based environment (AWS / Azure / GCP)☆308Updated 3 months ago
- WhereToGo - is a list of popular services that might be used in organizations. By having an account of the user - you can try to find ent…☆112Updated 2 years ago
- Tools to assess DNS security.☆146Updated 6 months ago
- A simple tool that helps to find assets/domains based on the Google Analytics ID.☆166Updated 4 months ago
- Fast and customizable vulnerability scanner For JIRA written in Python☆318Updated 7 months ago
- PESD (Proxy Enriched Sequence Diagrams) Exporter converts Burp Suite's proxy traffic into interactive diagrams☆95Updated 7 months ago
- ☆424Updated 4 months ago