Alternatives and similar repositories for Vulnerable-OAuth-2.0-Applications

Users that are interested in Vulnerable-OAuth-2.0-Applications are comparing it to the libraries listed below

• yogisec / VulnerableSAMLApp

  View on GitHub
  Vulnerable SAML infrastructure training applicaiton
  ☆54Feb 2, 2023Updated 3 years ago
• dolevf / Damn-Vulnerable-GraphQL-Application

  View on GitHub
  Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…
  ☆1,672May 24, 2025Updated 8 months ago
• koenbuyens / oauth-2.0-security-cheat-sheet

  View on GitHub
  oauth security guidelines
  ☆230Jun 25, 2019Updated 6 years ago
• melbadry9 / SSLEnum

  View on GitHub
  Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)
  ☆42Nov 10, 2025Updated 3 months ago
• topavankumarj / Vulnerable-OAuth2.0-Application

  View on GitHub
  ☆10Dec 8, 2022Updated 3 years ago
• optiv / InsecureShop

  View on GitHub
  An Intentionally designed Vulnerable Android Application built in Kotlin.
  ☆256Mar 2, 2022Updated 3 years ago
• ghsec / ghsec-jaeles-signatures

  View on GitHub
  Signatures for jaeles scanner by @j3ssie
  ☆117Apr 20, 2024Updated last year
• payloadartist / recon

  View on GitHub
  NodeJS script to extract assets for the Apple bug bounty program from their security acknowledgments page for bug bounty recon.
  ☆78Nov 5, 2022Updated 3 years ago
• optiv / mobile-nuclei-templates

  View on GitHub
  ☆435Jun 1, 2021Updated 4 years ago
• Sjord / jwtdemo

  View on GitHub
  Practice hacking JWT tokens
  ☆116Sep 8, 2022Updated 3 years ago
• httpvoid / writeups

  View on GitHub
  ☆1,201Sep 2, 2022Updated 3 years ago
• imran-parray / Web-Sec-CheatSheet

  View on GitHub
  ☆240Jun 10, 2021Updated 4 years ago
• 0xTeles / jsleak

  View on GitHub
  a Go code to detect leaks in JS files via regex patterns
  ☆150Oct 20, 2021Updated 4 years ago
• dwisiswant0 / wadl-dumper

  View on GitHub
  Dump all available paths and/or endpoints on WADL file.
  ☆98Nov 24, 2025Updated 2 months ago
• defparam / smuggler

  View on GitHub
  Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
  ☆2,059Jan 2, 2024Updated 2 years ago
• david3107 / graphql-security-labs

  View on GitHub
  GraphQL security workshop labs
  ☆118Jan 31, 2026Updated 2 weeks ago
• inonshk / 31-days-of-API-Security-Tips

  View on GitHub
  This challenge is Inon Shkedy's 31 days API Security Tips.
  ☆2,231Apr 20, 2022Updated 3 years ago
• neex / http2smugl

  View on GitHub
  ☆561Mar 27, 2025Updated 10 months ago
• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,360Jan 24, 2021Updated 5 years ago
• ayoubfathi / leaky-paths

  View on GitHub
  A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
  ☆1,021Jun 24, 2024Updated last year
• indianajson / can-i-take-over-dns

  View on GitHub
  "Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
  ☆1,081Mar 3, 2025Updated 11 months ago
• Sachin-v3rma / Astra

  View on GitHub
  Astra is a tool to find URLs and secrets inside a webpage/files
  ☆212Mar 14, 2023Updated 2 years ago
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,057Aug 14, 2024Updated last year
• ksharinarayanan / SSRFire

  View on GitHub
  An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
  ☆971Dec 8, 2021Updated 4 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,484Oct 12, 2024Updated last year
• 1ndianl33t / All-in-one_BugBounty_PDF_bundles

  View on GitHub
  ☆130Jun 15, 2020Updated 5 years ago
• pry0cc / proteus

  View on GitHub
  A projectdiscovery driven attack surface monitoring bot powered by axiom
  ☆190Aug 11, 2022Updated 3 years ago
• lc / subjs

  View on GitHub
  Fetches javascript file from a list of URLS or subdomains.
  ☆834Jul 22, 2025Updated 6 months ago
• Co0nan / ParamsExtractor

  View on GitHub
  A burp-suite plugin that extract all parameter names from in-scope requests
  ☆29Nov 9, 2021Updated 4 years ago
• 1ndianl33t / 1ndiList

  View on GitHub
  Recon Custom WordList Ganerator
  ☆58Jul 2, 2020Updated 5 years ago
• amalmurali47 / onaws

  View on GitHub
  Fetch the details of assets hosted on AWS.
  ☆88Dec 4, 2023Updated 2 years ago
• KingOfBugbounty / KingOfBugBountyTips

  View on GitHub
  Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens…
  ☆5,201Jan 31, 2026Updated 2 weeks ago
• NagliNagli / Shockwave-OSS

  View on GitHub
  ☆755Jun 26, 2024Updated last year
• joefizz / autofindomain

  View on GitHub
  ☆24Jan 26, 2021Updated 5 years ago
• honoki / bbrf-burp-plugin

  View on GitHub
  A BurpSuite plugin for BBRF
  ☆25Nov 17, 2024Updated last year
• Hackmanit / Web-Cache-Vulnerability-Scanner

  View on GitHub
  Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…
  ☆1,148Jan 21, 2026Updated 3 weeks ago
• BonJarber / SecUtils

  View on GitHub
  Random utilities from my security projects that might be useful to others
  ☆183Jan 26, 2025Updated last year
• lutfumertceylan / top25-parameter

  View on GitHub
  For basic researches, top 25 vulnerability parameters that can be used in automation tools or manual recon. 🛡️⚔️🧙
  ☆1,817Jun 9, 2024Updated last year
• akabe1 / OAUTHScan

  View on GitHub
  Burp Suite Extension useful to verify OAUTHv2 and OpenID security
  ☆175Oct 26, 2024Updated last year