OpenID-Attacker is a free open source security testing tool for the Single Sign-On Protocol OpenID ( It is developed by the Chair of Network and Data Security, Ruhr University Bochum ( ) and the 3curity GmbH ( ).
You can build OpenID-Attacker directly from the Github sources. For this purpose, you need:
- Java 8 or higher
- maven
- git
You procede as follows. You first need to clone OpenID-Attackers sources (you can of course also download a ZIP file):
$ git clone
Then you go to the OpenID-Attacker directory and use maven to build and package the files:
$ cd OpenID-Attacker
$ mvn clean package -DskipTests
Afterwards, you are able to go to the runnable directory and execute OpenID-Attacker:
$ cd runnable
$ java -jar OpenID-Attacker-*.jar
- The initial version of OpenID-Attacker is described in
- Description of attacks on OpenID can be found in