oauth-labs: an intentionally vulnerable set of OAuth 2.0 labs for security training and learning
☆75Dec 5, 2024Updated last year
Alternatives and similar repositories for oauth-labs
Users that are interested in oauth-labs are comparing it to the libraries listed below
Sorting:
- common methods that used by my burp extension projects☆52Apr 12, 2024Updated last year
- ☆14Dec 28, 2024Updated last year
- golang写的批量对目标网站进行截图的小工具,适合目标资产比较多时,快速定位薄弱点。☆33Oct 14, 2022Updated 3 years ago
- ☆34Sep 19, 2022Updated 3 years ago
- JDBC Attack Tricks☆154Sep 3, 2023Updated 2 years ago
- cve-2022-34169 延伸出的Jdk Xalan的payload自动生成工具,可根据不同的Jdk生成出其所对应的xslt文件☆93Jan 17, 2023Updated 3 years ago
- 一款辅助探测Orderby注入漏洞的BurpSuite插件☆25Oct 19, 2021Updated 4 years ago
- A list for Spring Security☆128Jan 16, 2024Updated 2 years ago
- 用于解决渗透测试加解密的难题,让你的burp像测试明文这么简单☆82Aug 10, 2025Updated 6 months ago
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆154Mar 31, 2025Updated 11 months ago
- HiddenDomainHunter☆20Apr 15, 2023Updated 2 years ago
- A rapid HTTP downgrade smuggling scanner written in Go.☆313May 16, 2024Updated last year
- SpecOps is a Burp Suite extension that ingests an OpenAPI or Swagger spec and instantly builds a workbench to test every documented endpo…☆30Updated this week
- A Shodan-based tool to discover publicly exposed Ollama instances and list available LLM models.☆20May 27, 2025Updated 9 months ago
- ☆10Jul 21, 2022Updated 3 years ago
- 资产测绘输出xlsx表格☆14Sep 10, 2024Updated last year
- ☆12Jan 28, 2023Updated 3 years ago
- Spel-research☆26Jun 21, 2022Updated 3 years ago
- 致远OA利用工具☆26Jul 15, 2023Updated 2 years ago
- ☆40Sep 8, 2025Updated 6 months ago
- ☆12Jul 13, 2023Updated 2 years ago
- WannaCry_HTA 是一个基于 HTA(HTML Application)技术开发的高度仿真 WannaCry 勒索病毒界面模拟程序。该项目简单、完全可控,专为安全研究、应急演练和安全教育场景设计。界面UI参考zR00t1师傅项目编写。☆25Aug 13, 2025Updated 6 months ago
- 子域名爆破,增加了智能爬虫功能☆70Mar 22, 2024Updated last year
- NoBlindi is a command-line tool for exploiting blind NoSQL injection vulnerabilities to recover passwords in web applications.☆28Nov 12, 2023Updated 2 years ago
- ☆88Sep 20, 2024Updated last year
- A collection of Server-Side Prototype Pollution gadgets and exploits☆227Feb 6, 2025Updated last year
- 用友的一些反序列化链子以及1day,二开了狼组的YongYouNcTool,改了一下逻辑以及poc☆123Oct 12, 2024Updated last year
- A simple Docker Compose project to setup PHP 7, Nginx and MySQL 5.7 for dev, testing and fun.☆12Feb 12, 2017Updated 9 years ago
- Piper Burp Suite Extender plugin☆16Jan 15, 2026Updated last month
- A project demonstrating an app that is vulnerable to Spring Security authorization bypass CVE-2022-31692☆35Nov 7, 2022Updated 3 years ago
- Security Advisories☆35Feb 8, 2026Updated last month
- 这是一个结合 Burp Suite 扩展插件 和 ProxyPool 爬虫代理 IP 池 的集成方案,用于自动化获取、验证和管理免费代理,实现高效的 HTTP 代理切换。插件支持直接粘贴代理列表或访问 ProxyPool API URL 获取代理,支持 HTTP 和 SOC…☆30Oct 30, 2025Updated 4 months ago
- ☆17Jul 12, 2024Updated last year
- 🕸️ A curated list of dark web (.onion) links — for educational and research purposes only. You can buy and read the Dark Web book based…☆39Sep 21, 2025Updated 5 months ago
- Thymeleaf SSTI Bypass☆13Nov 24, 2021Updated 4 years ago
- 修改Bug后的ParamSpider,方便各位师傅使用☆13Nov 13, 2024Updated last year
- ☆34Updated this week
- This script just implement a proxy over h2cSmuggler so you can navigate in your browser making requests to the back-end server.☆36May 14, 2022Updated 3 years ago
- anonymous to cluster-admin via Heapdump.☆30Nov 16, 2023Updated 2 years ago