vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
☆331Mar 27, 2024Updated 2 years ago
Alternatives and similar repositories for Vulnerable-OAuth-2.0-Applications
Users that are interested in Vulnerable-OAuth-2.0-Applications are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- Vulnerable SAML infrastructure training applicaiton☆55Feb 2, 2023Updated 3 years ago
- Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…☆1,691May 24, 2025Updated last year
- GraphQL security workshop labs☆122Jan 31, 2026Updated 5 months ago
- Practice hacking JWT tokens☆115Sep 8, 2022Updated 3 years ago
- oauth security guidelines☆232Jun 25, 2019Updated 7 years ago
- Serverless GPU API endpoints on Runpod - Get Bonus Credits • AdSkip the infrastructure headaches. Auto-scaling, pay-as-you-go, no-ops approach lets you focus on innovating your application.
- Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)☆43Nov 10, 2025Updated 7 months ago
- An Intentionally designed Vulnerable Android Application built in Kotlin.☆258Mar 2, 2022Updated 4 years ago
- ☆439Jun 1, 2021Updated 5 years ago
- ☆10Dec 8, 2022Updated 3 years ago
- NodeJS script to extract assets for the Apple bug bounty program from their security acknowledgments page for bug bounty recon.☆79Nov 5, 2022Updated 3 years ago
- Dump all available paths and/or endpoints on WADL file.☆98Nov 24, 2025Updated 7 months ago
- Signatures for jaeles scanner by @j3ssie☆117Apr 20, 2024Updated 2 years ago
- a Go code to detect leaks in JS files via regex patterns☆152Oct 20, 2021Updated 4 years ago
- This challenge is Inon Shkedy's 31 days API Security Tips.☆2,239Apr 20, 2022Updated 4 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ☆1,202Sep 2, 2022Updated 3 years ago
- Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3☆2,084Jan 2, 2024Updated 2 years ago
- ☆244Jun 10, 2021Updated 5 years ago
- Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.☆6,276Aug 14, 2024Updated last year
- Fetches javascript file from a list of URLS or subdomains.☆856Jul 22, 2025Updated 11 months ago
- This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location☆1,380Jan 24, 2021Updated 5 years ago
- SSRF (Server Side Request Forgery) testing resources☆2,507Oct 12, 2024Updated last year
- Damn Vulnerable NodeJS Application☆778Mar 27, 2024Updated 2 years ago
- "Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.☆1,099Mar 3, 2025Updated last year
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations☆401Jun 17, 2020Updated 6 years ago
- Go scripts for checking API key / access token validity☆222Aug 3, 2021Updated 4 years ago
- A burp-suite plugin that extract all parameter names from in-scope requests☆30Nov 9, 2021Updated 4 years ago
- ☆561Mar 27, 2025Updated last year
- A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau☆12Jun 28, 2021Updated 5 years ago
- A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…☆1,183Apr 3, 2026Updated 3 months ago
- Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs☆96Jan 21, 2021Updated 5 years ago
- ☆15Aug 27, 2020Updated 5 years ago
- This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.☆167Mar 5, 2021Updated 5 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ☆48Feb 21, 2021Updated 5 years ago
- Random utilities from my security projects that might be useful to others☆183Jan 26, 2025Updated last year
- ☆751Jun 26, 2024Updated 2 years ago
- An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects☆970Dec 8, 2021Updated 4 years ago
- A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the communit…☆3,844May 1, 2026Updated 2 months ago
- Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…☆1,185Jan 21, 2026Updated 5 months ago
- Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens…☆5,443Jul 1, 2026Updated last week