Burp Suite Extension useful to verify OAUTHv2 and OpenID security
☆191 Dec 3, 2024 Updated last year
Alternatives and similar repositories for oauth-scan
Users that are interested in oauth-scan are comparing it to the libraries listed below
- Burp Suite Extension useful to verify OAUTHv2 and OpenID security ☆176 Oct 26, 2024 Updated last year
- This script just implements a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server. ☆36 May 14, 2022 Updated 3 years ago
- ☆105 Oct 18, 2020 Updated 5 years ago
- Real world bug bounty wordlists ☆116 Jul 20, 2023 Updated 2 years ago
- UAC-ByPass utils ☆11 Jan 28, 2022 Updated 4 years ago
- A script used to query the dehashed API and filter for more useful results ☆16 Jun 20, 2021 Updated 4 years ago
- Simple extension that allows running the nuclei scanner directly from Burp and transforms JSON results into issues. ☆118 Jun 17, 2023 Updated 2 years ago
- Vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions. ☆328 Mar 27, 2024 Updated last year
- Fast CLI tool to find the parameters that can be used to find SSRF or Out-of-band resource load ☆296 Sep 22, 2024 Updated last year
- A Burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to … ☆49 Apr 25, 2022 Updated 3 years ago
- ☆74 Nov 5, 2018 Updated 7 years ago
- Quietly and anonymously bruteforce Active Directory usernames at insane speeds from Domain Controllers by (ab)using LDAP Ping requests (c… ☆1,052 Nov 9, 2024 Updated last year
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation) ☆42 Nov 10, 2025 Updated 3 months ago
- An aggressor script for Cobalt Strike to query Windows' GetLastError messages ☆18 Sep 25, 2022 Updated 3 years ago
- Client Side Prototype Pollution Scanner ☆522 Sep 17, 2022 Updated 3 years ago
- ☆1,200 Sep 2, 2022 Updated 3 years ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials. ☆426 Feb 20, 2026 Updated 2 weeks ago
- POC for CVE-2022-21907: HTTP Protocol Stack Remote Code Execution Vulnerability. ☆17 Jun 18, 2025 Updated 8 months ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability ☆956 Dec 31, 2021 Updated 4 years ago
- List DTDs and generate XXE payloads using those local DTDs. ☆649 Feb 21, 2024 Updated 2 years ago
- BUG BOUNTY WRITEUPS - OWASP TOP 10 🔴🔴🔴🔴✔ ☆853 Jun 27, 2022 Updated 3 years ago
- A projectdiscovery driven attack surface monitoring bot powered by axiom ☆189 Aug 11, 2022 Updated 3 years ago
- This could have been a bash one-liner but guess what. It's a small Go tool that lists the trending CVEs from cvetrends.com ☆106 Aug 6, 2022 Updated 3 years ago
- A Burp Suite extension for identifying injection flaws (LFI, RCE, SQLi), authentication/authorization issues, and HTTP 403 access violati… ☆396 Updated this week
- Just some bash scripting to help your recon. ☆16 Feb 4, 2026 Updated last month
- Uses Sharphound, Bloodhound and Neo4j to produce an actionable list of attack paths for targeted remediation. ☆484 Jul 9, 2024 Updated last year
- Takeover subdomains using AWS dangling elastic ips and have a working POC for Subdomain Takeover. ☆93 Jul 9, 2025 Updated 8 months ago
- Text4Shell scanner for Burp Suite ☆189 Oct 27, 2022 Updated 3 years ago
- Awesome information for WebSockets security research ☆301 Jan 10, 2022 Updated 4 years ago
- NodeJS script to extract assets for the Apple bug bounty program from their security acknowledgments page for bug bounty recon. ☆78 Nov 5, 2022 Updated 3 years ago
- Advanced external automation on bug bounty programs by running the best set of tools to perform scanning and finding out vulnerabilities. ☆105 Jun 28, 2022 Updated 3 years ago
- A quick and dirty way to bypass encrypted EPA to connect to a NetScaler Gateway ☆20 Oct 11, 2019 Updated 6 years ago
- Headers Burp Extension ☆19 Jun 7, 2023 Updated 2 years ago
- OAuth security guidelines ☆232 Jun 25, 2019 Updated 6 years ago
- Smart SSRF scanner using different methods like parameter brute forcing in POST and GET... ☆279 Feb 11, 2021 Updated 5 years ago
- This lab is created to demonstrate pass-the-hash, blind SQL and SSTI vulnerabilities ☆93 Jun 11, 2023 Updated 2 years ago
- I collected it to help the bug hunter get a reward ☆57 Sep 7, 2022 Updated 3 years ago
- Domains belonging to the most reputed public bug bounty programs. [NOT FOR NON-MONETARY OR PRIVATE PROGRAMS] ☆225 Aug 29, 2024 Updated last year
- A wordlist of API names for web application assessments ☆870 Jun 17, 2025 Updated 8 months ago