The malicious IdP you were looking for. A weaponized Single Sign-On (SSO) Identity Provider (IdP) for security testing of OIDC and SAML 2.0 Service Providers, also supporting SCIM protocol.
☆38Jun 6, 2026Updated last month
Alternatives and similar repositories for maSSO
Users that are interested in maSSO are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Burp Suite extension + port-based highlighter: dedupes HTTP history into a live unique-request feed and color-codes attacker/victim traff…☆18Jul 7, 2026Updated last week
- 0xJS is an AI-powered JavaScript Security Tool☆64Apr 16, 2026Updated 2 months ago
- Blogpost series showcasing interesting cloud - web app security bugs☆75May 27, 2026Updated last month
- MCPwned is a companion extension that enables pentesters to effectively test MCP servers. It recognizes MCP-like endpoints, provies a sca…☆20Jul 3, 2026Updated last week
- Passive JavaScript reconnaissance for penetration testers — bridging Burp Suite traffic into structured, AST-based analysis in VSCode.☆36Feb 5, 2026Updated 5 months ago
- Open source password manager - Proton Pass • AdSecurely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
- ☆26Jun 6, 2026Updated last month
- EncryptInterceptor fail-open bypass in Apache Tomcat Tribes clustering leading to unauthenticated RCE via Java deserialization.☆69May 11, 2026Updated 2 months ago
- A Caido plugin to monitor, intercept, and debug JavaScript sinks based on customizable configurations.☆42Apr 8, 2026Updated 3 months ago
- A Web Platform API proposal for Blob URL☆11Feb 24, 2023Updated 3 years ago
- mattew crawls target websites, extracts hidden attack surface, runs security analysis, fingerprints technology, and generates professiona…☆17Jul 2, 2026Updated last week
- A tool to extract and dump files of mercurial SCM exposed on a web server.☆13Jan 31, 2025Updated last year
- Dependency Confusion Security Testing Tool☆50Jul 21, 2022Updated 3 years ago
- Security AI helper for Caido: pipes your local Claude Code / Gemini / Codex / Copilot CLI through 18 MCP tools for manual web security te…☆37Jun 26, 2026Updated 2 weeks ago
- PoC's and Slides from 'Gophers, whales and.. clouds? Oh my!' BSides Wellington presentation by Glenn 'devalias' Grant☆17Mar 3, 2018Updated 8 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Repro for Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!☆21Aug 25, 2024Updated last year
- This is a companion software based on the Acunetix Web Vulnerability Scanner 13 scanning engine.☆10Oct 17, 2020Updated 5 years ago
- ☆40Aug 2, 2024Updated last year
- The action integrates Electronegativity, a tool to identify misconfigurations and security anti-patterns in Electron applications, into G…☆15Apr 15, 2023Updated 3 years ago
- Local forensic scanner that extracts credentials from AI tool conversation history. For authorized red team and DLP use only.☆55Updated this week
- 一款支持检测web应用程序未授权访问缺陷的burp suite插件,可自定义配置检测字段以及返回包json数据分析☆13Apr 22, 2024Updated 2 years ago
- ☆11Jan 8, 2023Updated 3 years ago
- A modern postMessage tracker including additional features, inspired by Frans Rosens postmessage tracker. A port of chrome Manifest V3 "F…☆61Sep 12, 2025Updated 10 months ago
- This repository is created for personal use and added tools from my blog post.☆14May 7, 2026Updated 2 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Rust-based password mutator for brute force attacks☆13Mar 21, 2025Updated last year
- A script to factorize integers with sagemath and factordb.☆12Feb 11, 2025Updated last year
- Easy discovery of assets☆13Jun 22, 2022Updated 4 years ago
- Burp plugin for jxscout☆22May 12, 2025Updated last year
- Practical setup guides and helpers to connect Burp Suite MCP Server to multiple AI backends (Codex, Gemini, Ollama, ...).☆213Jan 19, 2026Updated 5 months ago
- CSPTPlayground is an open-source playground to find and exploit Client-Side Path Traversal (CSPT).☆162Mar 31, 2025Updated last year
- A webshell plugin and interactive shell for pentesting JoGet application.☆14May 19, 2022Updated 4 years ago
- acunetix 13 crack by mtd☆14Feb 29, 2020Updated 6 years ago
- Standardizing Security Titles☆25Apr 19, 2026Updated 2 months ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- A Simple CVE-2022-39299 PoC exploit generator to bypass authentication in SAML SSO Integrations using vulnerable versions of passport-sam…☆19Feb 8, 2023Updated 3 years ago
- API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs☆107Updated this week
- A local tool for ingesting Windows Patch Tuesday CVEs, diffing patched binaries with Ghidriff and surfacing LLM-generated security analys…☆55May 19, 2026Updated last month
- A set of scripts to install a Burp Collaborator Server in a docker environment, using a LetsEncrypt wildcard certificate in as simple a p…☆31Nov 30, 2025Updated 7 months ago
- Tricard - Malware Sandbox Fingerprinting☆24Dec 11, 2023Updated 2 years ago
- Burp extension to find and decode BigIP and Netscaler cookies☆15Jul 20, 2018Updated 7 years ago
- PoC for leaking text nodes via CSS injection☆26Jul 27, 2024Updated last year