Alternatives and similar repositories for oauth-2.0-security-cheat-sheet

Users that are interested in oauth-2.0-security-cheat-sheet are comparing it to the libraries listed below

• koenbuyens / Vulnerable-OAuth-2.0-Applications

  View on GitHub
  vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.
  ☆325Mar 27, 2024Updated last year
• gsmith257-cyber / GraphCrawler

  View on GitHub
  GraphQL automated security testing toolkit
  ☆333Feb 20, 2024Updated last year
• pry0cc / proteus

  View on GitHub
  A projectdiscovery driven attack surface monitoring bot powered by axiom
  ☆190Aug 11, 2022Updated 3 years ago
• phlmox / urlgod

  View on GitHub
  Recon tool for URLs discovery
  ☆12Jun 19, 2024Updated last year
• GoSecure / goinsecure-deserialization

  View on GitHub
  Accompanying material needed for the workshop
  ☆11Jun 14, 2023Updated 2 years ago
• akabe1 / OAUTHScan

  View on GitHub
  Burp Suite Extension useful to verify OAUTHv2 and OpenID security
  ☆175Oct 26, 2024Updated last year
• optiv / InsecureShop

  View on GitHub
  An Intentionally designed Vulnerable Android Application built in Kotlin.
  ☆256Mar 2, 2022Updated 3 years ago
• hahwul / authz0

  View on GitHub
  🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.
  ☆427Feb 9, 2026Updated last week
• cezary-sec / awesome-browser-security

  View on GitHub
  A curated list of awesome browser security learning material.
  ☆149Nov 20, 2022Updated 3 years ago
• allanlw / svg-cheatsheet

  View on GitHub
  A cheatsheet for exploiting server-side SVG processors.
  ☆790Jul 2, 2020Updated 5 years ago
• hahwul / can-i-protect-xss

  View on GitHub
  Everything about xss protection technology
  ☆14Oct 22, 2019Updated 6 years ago
• marco-lancini / k8s-lab-plz

  View on GitHub
  Modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster with support for different components.
  ☆53Oct 2, 2025Updated 4 months ago
• ivision-research / vulnerable-graphql-api

  View on GitHub
  A very vulnerable implementation of a GraphQL API.
  ☆61Nov 12, 2021Updated 4 years ago
• koenbuyens / securityheaders

  View on GitHub
  Check any website (or set of websites) for insecure security headers.
  ☆255Jun 12, 2023Updated 2 years ago
• adanalvarez / SimpleAutoBurp

  View on GitHub
  Python script to launch burp scans automatically
  ☆33Jul 18, 2021Updated 4 years ago
• fransr / hot-jar-swapping-urlclassloader

  View on GitHub
  Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes
  ☆32Dec 10, 2022Updated 3 years ago
• joefizz / autofindomain

  View on GitHub
  ☆24Jan 26, 2021Updated 5 years ago
• tldrsec / awesome-secure-defaults

  View on GitHub
  Awesome secure by default libraries to help you eliminate bug classes!
  ☆699Dec 6, 2025Updated 2 months ago
• dbohannon / MEANBug

  View on GitHub
  An invoice management application built on the MEAN stack with intentional vulnerabilities used to demonstrate insecure configurations an…
  ☆16Sep 4, 2020Updated 5 years ago
• PortSwigger / oauth-scan

  View on GitHub
  Burp Suite Extension useful to verify OAUTHv2 and OpenID security
  ☆190Dec 3, 2024Updated last year
• x1trap / websec-answers

  View on GitHub
  Websec interview questions by tib3rius answered
  ☆309Nov 13, 2023Updated 2 years ago
• DataDog / security-labs-pocs

  View on GitHub
  Proof of concept code for Datadog Security Labs referenced exploits.
  ☆449Updated this week
• dafthack / CloudPentestCheatsheets

  View on GitHub
  This repository contains a collection of cheatsheets I have put together for tools related to pentesting organizations that leverage clou…
  ☆2,804Sep 17, 2024Updated last year
• trickest / safe-harbour

  View on GitHub
  security.txt collection of most popular world-wide domains
  ☆55Sep 25, 2023Updated 2 years ago
• Puliczek / awesome-list-of-secrets-in-environment-variables

  View on GitHub
  🦄🔒 Awesome list of secrets in environment variables 🖥️
  ☆901Sep 21, 2022Updated 3 years ago
• BlackFan / client-side-prototype-pollution

  View on GitHub
  Prototype Pollution and useful Script Gadgets
  ☆1,581Jan 27, 2024Updated 2 years ago
• elttam / semgrep-rules

  View on GitHub
  ☆227Dec 18, 2025Updated last month
• JetP1ane / Affinis

  View on GitHub
  Recurrent Neural Network SubDomain Discovery Tool
  ☆95Sep 20, 2022Updated 3 years ago
• nightowl131 / AAPG

  View on GitHub
  [A]ndroid [A]pplication [P]entest [G]uide
  ☆123Oct 10, 2019Updated 6 years ago
• assetnote / blind-ssrf-chains

  View on GitHub
  An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability
  ☆951Dec 31, 2021Updated 4 years ago
• honoki / tools

  View on GitHub
  A collection of simple tools and poc-builders
  ☆39Jul 22, 2025Updated 6 months ago
• thelikes / owncraft

  View on GitHub
  offensive notes & resources
  ☆43Apr 7, 2025Updated 10 months ago
• pseudo-security / slacksecrets

  View on GitHub
  Scans Slack for API tokens, credentials, passwords, and more using YARA rules
  ☆40Feb 26, 2021Updated 4 years ago
• httpvoid / writeups

  View on GitHub
  ☆1,201Sep 2, 2022Updated 3 years ago
• raverrr / plution

  View on GitHub
  Prototype pollution scanner using headless chrome
  ☆218Jul 27, 2022Updated 3 years ago
• ine-labs / AWSGoat

  View on GitHub
  AWSGoat : A Damn Vulnerable AWS Infrastructure
  ☆1,967May 20, 2025Updated 8 months ago
• R0X4R / bhedak

  View on GitHub
  A replacement of "qsreplace", accepts URLs as standard input, replaces all query string values with user-supplied values and stdout.
  ☆109Mar 1, 2022Updated 3 years ago
• liamg / CVE-2025-48384

  View on GitHub
  PoC for CVE-2025-48384
  ☆20Jul 9, 2025Updated 7 months ago
• mtesauro / AppSecToolbox-tools

  View on GitHub
  Repo to hold the markdown-ified metadata on AppSec tools that are automation-friendly
  ☆12Jun 13, 2016Updated 9 years ago