{"id":29651324,"url":"https://github.com/cyberark/oauth-hunter","last_synced_at":"2026-02-11T12:42:16.233Z","repository":{"id":277128315,"uuid":"859838086","full_name":"cyberark/oauth-hunter","owner":"cyberark","description":"A security research tool designed to intercept and analyze OAuth requests.","archived":false,"fork":false,"pushed_at":"2025-02-20T17:49:16.000Z","size":289,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-07-22T05:06:40.176Z","etag":null,"topics":["mitmproxy","oauth","oauth-misconfiguration","oauth-security","oauth2","penetration-testing-tools","security-tools","vulnerability-scanners"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyberark.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"Security.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-19T11:17:38.000Z","updated_at":"2025-06-25T07:59:30.000Z","dependencies_parsed_at":"2025-02-12T09:53:01.341Z","dependency_job_id":"8df645b2-6a86-4c64-a8c5-fac4da411d3a","html_url":"https://github.com/cyberark/oauth-hunter","commit_stats":null,"previous_names":["cyberark/oauth-hunter"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/cyberark/oauth-hunter","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Foauth-hunter","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Foauth-hunter/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositori
es/cyberark%2Foauth-hunter/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Foauth-hunter/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyberark","download_url":"https://codeload.github.com/cyberark/oauth-hunter/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyberark%2Foauth-hunter/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29333113,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-11T06:13:03.264Z","status":"ssl_error","status_checked_at":"2026-02-11T06:12:55.843Z","response_time":97,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["mitmproxy","oauth","oauth-misconfiguration","oauth-security","oauth2","penetration-testing-tools","security-tools","vulnerability-scanners"],"created_at":"2025-07-22T05:06:39.977Z","updated_at":"2026-02-11T12:42:16.217Z","avatar_url":"https://github.com/cyberark.png","language":"Python","readme":"\n\n# oauth-hunter\n\n[![GitHub release][release-img]][release]\n[![License][license-img]][license] \n![Stars](https://img.shields.io/github/stars/cyberark/oauth-hunter)  \n\n\n \u003cimg align=\"right\" src=\"https://github.com/user-attachments/assets/480aa00f-54d9-41fa-bb6b-e65f92fbc19e\" alt=\"LibAFL logo\" width=\"250\" heigh=\"250\"\u003e\n\noauth-hunter is a powerful tool designed 
for intercepting and analyzing OAuth requests using mitmproxy.   \nIt captures OAuth requests and performs comprehensive testing on the redirect_uri parameter, evaluating it against a variety of scenarios to identify potential vulnerabilities. \nThis allows users to ensure the robustness of their OAuth implementations and safeguard against common security issues.  \n\nIn addition to its current capabilities, we are actively working on expanding the tool's functionality to include testing of the state parameter, among other enhancements.   \nThis ongoing development aims to provide a more thorough analysis of OAuth implementations, ensuring robust security and resilience against common vulnerabilities.  \n\nThe tool was published as part of the \"How Secure Is Your OAuth? Insights from 100 Websites\" research https://www.cyberark.com/resources/threat-research-blog/how-secure-is-your-oauth-insights-from-100-websites.  \n\n--- \n\n## Table of Contents\n- [Deployment](#deployment)\n  - [Run from source](#run-from-source)\n- [Usage](#usage)\n  - [Burp Suite Integration](#burp-suite-integration)\n  - [Menu](#menu)\n- [Contributing](#contributing)\n- [License](#license)\n- [Share Your Thoughts and Feedback](#share-your-thoughts-and-feedback)\n\n---\n\n## Deployment  \nYou will need the following installed:\n* python 3.x\n* pip3\n\n### Run from source\nClone the repository:\n~~~\ngit clone https://github.com/cyberark/oauth-hunter.git\n~~~\n\nInstall module dependencies. (You may prefer to do this within a [Virtual Environment](https://packaging.python.org/guides/installing-using-pip-and-virtual-environments/))\n~~~\ncd ./oauth-hunter\npip3 install -r requirements.txt\n~~~\n\nRun:\n~~~\npython3 main.py\n~~~\n\n\n\n## Usage  \n\nThe tool starts a proxy on the default port `1337`. Ensure you configure your system or tool to listen on this port to intercept and analyze network traffic.  
\n\n### Burp Suite Integration\nFor advanced usage, the tool can integrate with Burp Suite by specifying the `--burp-proxy` option followed by the port Burp Suite is configured to use.   \nThis allows the tool to send test requests through the Burp Suite proxy for enhanced analysis.\n\n\n### Menu\n```\nusage: main.py [-h] [--create-excel [CREATE_EXCEL]] [--overwrite] [--proxy-port PROXY_PORT] [--burp-proxy [BURP_PROXY]] [--evil-domain EVIL_DOMAIN] [--yaml-scenarios YAML_SCENARIOS]\n\nOAuth Proxy Tester\n\noptions:\n  -h, --help            show this help message and exit\n  --create-excel [CREATE_EXCEL]\n                        Create an Excel file with the given name or use the default name.\n  --overwrite           Overwrite the existing file if it exists.\n  --proxy-port PROXY_PORT\n                        Specify the proxy port.\n  --burp-proxy [BURP_PROXY]\n                        Specify the Burp proxy port. Defaults to 8080 if specified without a value.\n  --evil-domain EVIL_DOMAIN\n                        Specify the evil domain.\n  --yaml-scenarios YAML_SCENARIOS\n                        Path to YAML file with scenarios.\n```\n\n## Display    \n![oauth-hunter-demo](https://github.com/user-attachments/assets/f2ef030e-475c-4ce1-8b89-2c29bfac75e1)\n\n\n## Contributing\nWe welcome contributions of all kinds to this repository.  \nFor instructions on how to get started and descriptions\nof our development workflows, please see our [contributing guide](https://github.com/cyberark/oauth-hunter/blob/main/CONTRIBUTING.md).\n\n## Disclaimer and Warranty  \nThis tool is intended solely for internal use within your organization for identifying potential OAuth implementation issues in environments you own or are authorized to assess.  \n\n## License  \nCopyright (c) 2025 CyberArk Software Ltd. 
All rights reserved  \nThis repository is licensed under  Apache-2.0 License - see [`LICENSE`](LICENSE) for more details.\n\n## Share Your Thoughts And Feedback\nFor more comments, suggestions or questions, you can contact Eviatar Gerzi ([@g3rzi](https://twitter.com/g3rzi)) from CyberArk Labs.\nYou can find more projects developed by us in https://github.com/cyberark/.\n\n[release-img]: https://img.shields.io/github/release/cyberark/oauth-hunter.svg\n[release]: https://github.com/cyberark/oauth-hunter/releases\n\n[license-img]: https://img.shields.io/github/license/cyberark/oauth-hunter.svg\n[license]: https://github.com/cyberark/oauth-hunter/blob/master/LICENSE\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Foauth-hunter","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyberark%2Foauth-hunter","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyberark%2Foauth-hunter/lists"}