{"id":13842721,"url":"https://github.com/mddanish/Vulnerable-OTP-Application","last_synced_at":"2025-07-11T15:32:51.384Z","repository":{"id":75012964,"uuid":"99803183","full_name":"mddanish/Vulnerable-OTP-Application","owner":"mddanish","description":"Vulnerable OTP/2FA Application written in PHP using Google Authenticator","archived":false,"fork":false,"pushed_at":"2019-11-13T11:35:43.000Z","size":49,"stargazers_count":79,"open_issues_count":0,"forks_count":34,"subscribers_count":8,"default_branch":"master","last_synced_at":"2024-02-13T08:38:26.439Z","etag":null,"topics":["google-authenticator","multifactor","otp-applications","otp-bypass","php","vulnerable"],"latest_commit_sha":null,"homepage":"http://otp-2fa.mohammeddanishamber.com","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mddanish.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2017-08-09T11:59:25.000Z","updated_at":"2024-01-26T09:40:32.000Z","dependencies_parsed_at":null,"dependency_job_id":"391f1d22-abbe-457d-937f-936389c4647b","html_url":"https://github.com/mddanish/Vulnerable-OTP-Application","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mddanish%2FVulnerable-OTP-Application","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mddanish%2FVulnerable-OTP-Application/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mddanish%2FVulnerable-OTP-Application/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mddanish%2FVulnerable-OTP-Application/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mddanish","download_url":"https://codeload.github.com/mddanish/Vulnerable-OTP-Application/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225737057,"owners_count":17516279,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["google-authenticator","multifactor","otp-applications","otp-bypass","php","vulnerable"],"created_at":"2024-08-04T17:01:44.374Z","updated_at":"2024-11-21T13:31:00.965Z","avatar_url":"https://github.com/mddanish.png","language":"PHP","funding_links":[],"categories":["PHP","PHP (184)","Downloadable Applications"],"sub_categories":[],"readme":"# Vulnerable OTP Application\n\nVulnerable OTP Application created using PHP \u0026 Google OTP \n\n## Getting Started\n\nThese instructions will get you a copy of the project up and running on your local machine for development and testing purposes.\n\n### Prerequisites\n\nWhat things you need to install the application onto.\n\n```\n1. Web Server (Apache recommended)\n2. PHP 7 and above\n3. Mysql or MariaDB\n```\n\n### Installing\n\nA step by step series of examples that tell you have to get the application running\n\nAfter installing Apache, PHP 7 and MariaDB, which I think that you know how to install, or else google about it.\n\nSetting up Application database.\n\n```\nRun SQL File vuln_otp.sql against MariaDB to create necessary Database, Table and Columns\n```\n\nAdding Database details to application\n\n```\nEdit config \u003e db_connection.php and details of Database connections details (Hostname, Username, Password, Database Name)\n```\n\nOpen the Application in browser and have fun.\n\n## Running the tests\n\nYou can use Burp suite or Browser web developer mode to bypass OTP login.\nRemember to Register a test user before Bypassing it, and use Google Authenticator for OTP\n\n## Application available ONLINE\n\nSkip installation and setup and use the mention link hosted for testing OTP Bypass\n1. [Vulnerable OTP Application](http://otp-2fa.mohammeddanishamber.com)\n2. [Vulnerable OTP Application](https://otp-2fa.000webhostapp.com/)\n\nTEST USER CREATED on APPLICATION for testing, or create new user if you want\n\nUSERNAME: test\n\nEMAIL: test@test.com\n\nPASSWORD: P@ssw0rd\n\nSCAN the below use Google Authenticator for OTP generation and login and bypass\nGOOGLE OTP QR\n\n![TEST OTP-2FA](https://chart.googleapis.com/chart?chs=200x200\u0026chld=M|0\u0026cht=qr\u0026chl=otpauth%3A%2F%2Ftotp%2Ftest%40test.com%3Fsecret%32REDZU7WZ45Z4OC%26issuer%3DOTP-2FA \"TEST OTP-2FA\")\n\nDO NOT CRASH THE SEVER OR APPLICATION.\nPLAY SAFE.\n\n## Authors\n\n* **Mohammed Danish amber** - *Initial work* - [Mohammed Danish Amber](http://www.mohammeddanishamber.com)\n\n## License\n\nThis project is licensed under the GNU General Public License v3.0 - see the [LICENSE](https://github.com/mddanish/Vulnerable-OTP-Application/blob/master/LICENSE) file for details\n\n## Acknowledgments\n\n* Hat tip to anyone who's code was used\n* Inspiration\n* etc\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmddanish%2FVulnerable-OTP-Application","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmddanish%2FVulnerable-OTP-Application","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmddanish%2FVulnerable-OTP-Application/lists"}