{"id":19062094,"url":"https://github.com/netcode/oauthgoat","last_synced_at":"2026-02-14T06:32:57.326Z","repository":{"id":145058587,"uuid":"531435481","full_name":"netcode/OAuthGoat","owner":"netcode","description":"Vulnerable dockerized environment designed to test OAuth vulnerabilities","archived":false,"fork":false,"pushed_at":"2022-11-15T22:27:48.000Z","size":1042,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-07T09:36:58.949Z","etag":null,"topics":["oauth-client","oauth2","oauth2-server","security","security-labs","vulnerability"],"latest_commit_sha":null,"homepage":"","language":"EJS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/netcode.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-01T08:46:36.000Z","updated_at":"2023-05-12T01:41:20.000Z","dependencies_parsed_at":null,"dependency_job_id":"05517041-ea7a-40ca-9fed-a117a2949e8c","html_url":"https://github.com/netcode/OAuthGoat","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/netcode/OAuthGoat","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FOAuthGoat","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FOAuthGoat/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FOAuthGoat/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FOAuthGoat/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/netcode","download_url":"https://codeload.github.com/netcode/OAuthGoat/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/netcode%2FOAuthGoat/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29438779,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-14T05:24:35.651Z","status":"ssl_error","status_checked_at":"2026-02-14T05:24:34.830Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["oauth-client","oauth2","oauth2-server","security","security-labs","vulnerability"],"created_at":"2024-11-09T00:24:28.762Z","updated_at":"2026-02-14T06:32:57.299Z","avatar_url":"https://github.com/netcode.png","language":"EJS","funding_links":[],"categories":[],"sub_categories":[],"readme":"# OAuthGoat\n\nThis is a vulnerable environment designed to test OAuth vulnerabilities. It contains **Vulnerable** OAuth Client and OAuth provider\n\n## WARNING!\n\nOAuth goat is vulnerable by design applications(s). Don't upload it to any public internet facing servers.\n\n\n## Installation \u0026 Running\nIts a docker environment, so you can running it easily with `docker-compose`. But in order to use host names, make sure to add this into your `/etc/hosts`\n\n```\n#oauth-goat\n127.0.0.1 oauth-provider.local\n127.0.0.1 attacker.local\n127.0.0.1 example-client.local\n```\n\nthen you can run docker compose\n\n```\ndocker-compose up\n```\n\nNow you can access the provider at `oauth-provider.local` and the client at `example-client.local`\n\n\n## data\nWe have prefilled the vulnerable environment with some data. Lives in `/server/libs/db.js`\n\n```\nlet users = [\n    { id:1, email: \"bob@awesome.rocks\", password: \"123456\", avatar: \"https://cdn3.iconfinder.com/data/icons/cat-force/256/cat_rascal.png\" },\n    { id:2, email: \"bar@evil.attack\", password: \"123456\", avatar: \"https://cdn3.iconfinder.com/data/icons/emoticon-6/512/26-512.png\" },\n];\n\nlet clients = [\n    { name: \"Super Awesome Secure Website\", id: \"54gSlmAMWz3PKdVgNRcR\", secret: \"d65030eaec444ce1afa94b6552e472bf\", redirect_uri: \"http://example-client.local/oauth/callback\", pre_approval: false },\n    { name: \"Super Awesome Secure Website - Profile linking\", id: \"q9O0kwqgxloGk5TPLzEF\", secret: \"9b8b9d863a434065867ac8c98e212fbf\", redirect_uri: \"http://example-client.local/profile/link/oauth/callback\", pre_approval: false},\n    { name: \"PreApprovalApp\", id: \"QRCgN910n7Rr4s3Ee8bf\", secret: \"d3e9c2cb75cf4ebcad4aa01811bcaca5\", redirect_uri: \"http://preApprovalApp.local/oauth/callback\", pre_approval: true }\n    \n]\n```\n\n\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetcode%2Foauthgoat","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnetcode%2Foauthgoat","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnetcode%2Foauthgoat/lists"}