koenbuyens/Vulnerable-OAuth-2.0-Applications external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

koenbuyens/Vulnerable-OAuth-2.0-Applications

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/koenbuyens/Vulnerable-OAuth-2.0-Applications)

Close

koenbuyens / Vulnerable-OAuth-2.0-ApplicationsView on GitHubMore

• External links
• Readme badge

vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.

☆328Mar 27, 2024Updated 2 years ago

Alternatives and similar repositories for Vulnerable-OAuth-2.0-Applications

Users that are interested in Vulnerable-OAuth-2.0-Applications are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• yogisec / VulnerableSAMLApp

  View on GitHub
  Vulnerable SAML infrastructure training applicaiton
  ☆55Feb 2, 2023Updated 3 years ago
• dolevf / Damn-Vulnerable-GraphQL-Application

  View on GitHub
  Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…
  ☆1,685May 24, 2025Updated last year
• david3107 / graphql-security-labs

  View on GitHub
  GraphQL security workshop labs
  ☆119Jan 31, 2026Updated 3 months ago
• Sjord / jwtdemo

  View on GitHub
  Practice hacking JWT tokens
  ☆115Sep 8, 2022Updated 3 years ago
• koenbuyens / oauth-2.0-security-cheat-sheet

  View on GitHub
  oauth security guidelines
  ☆232Jun 25, 2019Updated 6 years ago
• Wordpress hosting with auto-scaling - Free Trial Offer • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• melbadry9 / SSLEnum

  View on GitHub
  Extract SSL certificate data (Subject Name, Subject Alt Names, Organisation)
  ☆42Nov 10, 2025Updated 6 months ago
• optiv / InsecureShop

  View on GitHub
  An Intentionally designed Vulnerable Android Application built in Kotlin.
  ☆256Mar 2, 2022Updated 4 years ago
• optiv / mobile-nuclei-templates

  View on GitHub
  ☆435Jun 1, 2021Updated 4 years ago
• topavankumarj / Vulnerable-OAuth2.0-Application

  View on GitHub
  ☆10Dec 8, 2022Updated 3 years ago
• payloadartist / recon

  View on GitHub
  NodeJS script to extract assets for the Apple bug bounty program from their security acknowledgments page for bug bounty recon.
  ☆78Nov 5, 2022Updated 3 years ago
• dwisiswant0 / wadl-dumper

  View on GitHub
  Dump all available paths and/or endpoints on WADL file.
  ☆98Nov 24, 2025Updated 6 months ago
• ghsec / ghsec-jaeles-signatures

  View on GitHub
  Signatures for jaeles scanner by @j3ssie
  ☆117Apr 20, 2024Updated 2 years ago
• 0xTeles / jsleak

  View on GitHub
  a Go code to detect leaks in JS files via regex patterns
  ☆152Oct 20, 2021Updated 4 years ago
• inonshk / 31-days-of-API-Security-Tips

  View on GitHub
  This challenge is Inon Shkedy's 31 days API Security Tips.
  ☆2,235Apr 20, 2022Updated 4 years ago
• Open source password manager - Proton Pass • Ad
  Securely store, share, and autofill your credentials with Proton Pass, the end-to-end encrypted password manager trusted by millions.
• httpvoid / writeups

  View on GitHub
  ☆1,201Sep 2, 2022Updated 3 years ago
• defparam / smuggler

  View on GitHub
  Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
  ☆2,077Jan 2, 2024Updated 2 years ago
• imran-parray / Web-Sec-CheatSheet

  View on GitHub
  ☆243Jun 10, 2021Updated 4 years ago
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,243Aug 14, 2024Updated last year
• lc / subjs

  View on GitHub
  Fetches javascript file from a list of URLS or subdomains.
  ☆842Jul 22, 2025Updated 10 months ago
• jdonsec / AllThingsSSRF

  View on GitHub
  This is a collection of writeups, cheatsheets, videos, books related to SSRF in one single location
  ☆1,367Jan 24, 2021Updated 5 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,496Oct 12, 2024Updated last year
• appsecco / dvna

  View on GitHub
  Damn Vulnerable NodeJS Application
  ☆772Mar 27, 2024Updated 2 years ago
• indianajson / can-i-take-over-dns

  View on GitHub
  "Can I take over DNS?" — a list of DNS providers and how to claim vulnerable domains.
  ☆1,088Mar 3, 2025Updated last year
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• ameenmaali / urldedupe

  View on GitHub
  Pass in a list of URLs with query strings, get back a unique list of URLs and query string combinations
  ☆400Jun 17, 2020Updated 5 years ago
• daffainfo / Key-Checker

  View on GitHub
  Go scripts for checking API key / access token validity
  ☆223Aug 3, 2021Updated 4 years ago
• Co0nan / ParamsExtractor

  View on GitHub
  A burp-suite plugin that extract all parameter names from in-scope requests
  ☆29Nov 9, 2021Updated 4 years ago
• neex / http2smugl

  View on GitHub
  ☆562Mar 27, 2025Updated last year
• Static-Flow / BurpSuiteAutoCompletion

  View on GitHub
  This exention enables autocompletion within BurpSuite Repeater/Intruder tabs.
  ☆166Mar 5, 2021Updated 5 years ago
• arg3t / massurl

  View on GitHub
  A simple tool that aims to efficiently and quickly parse the outputs of web scraping tools like gau
  ☆12Jun 28, 2021Updated 4 years ago
• ayoubfathi / leaky-paths

  View on GitHub
  A collection of special paths linked to common sensitive APIs, devops internals, frameworks conf, known misconfigurations, juicy APIs ..e…
  ☆1,172Apr 3, 2026Updated last month
• daehee / mildew

  View on GitHub
  Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
  ☆95Jan 21, 2021Updated 5 years ago
• t4kemyh4nd / postMessageLab

  View on GitHub
  ☆15Aug 27, 2020Updated 5 years ago
• Deploy to Railway using AI coding agents - Free Credits Offer • Ad
  Use Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
• emadshanab / Huge_DIR_wordlist

  View on GitHub
  ☆48Feb 21, 2021Updated 5 years ago
• BonJarber / SecUtils

  View on GitHub
  Random utilities from my security projects that might be useful to others
  ☆183Jan 26, 2025Updated last year
• NagliNagli / Shockwave-OSS

  View on GitHub
  ☆754Jun 26, 2024Updated last year
• ksharinarayanan / SSRFire

  View on GitHub
  An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
  ☆972Dec 8, 2021Updated 4 years ago
• arainho / awesome-api-security

  View on GitHub
  A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the communit…
  ☆3,802May 1, 2026Updated 3 weeks ago
• KingOfBugbounty / KingOfBugBountyTips

  View on GitHub
  Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens…
  ☆5,338Mar 13, 2026Updated 2 months ago
• Hackmanit / Web-Cache-Vulnerability-Scanner

  View on GitHub
  Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hac…
  ☆1,173Jan 21, 2026Updated 4 months ago