PrOfESSOS (Practical Offensive Evaluation of Single Sign-On Services) is an open source tool for fully automated Evaluation-as-a-Service of OpenID Connect clients. The tool has been developed for the research paper SoK: Single Sign-On Security – An Evaluation of OpenID Connect, EuroS&P 2017.
The source code of PrOfESSOS can be found at GitHub.
As a safeguard against illegitimate use of the PrOfESSOS service, the RP operator must place a file named .professos in the root directory of the web server (see Login-Site URL below) whose content is the base URL of the PrOfESSOS service (<PrOfESSOS-URI>). This way an evaluation can only be run against a relying party whose operator has explicitly authorised that particular PrOfESSOS instance. See http://www.honestsp.de:8080/.professos for an example of such a file.
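The ownership check described above, written out as an added example from the evaluation service's side; this is not code from the PrOfESSOS project, and the function names, the injectable `fetch` parameter and the sample RP URL `https://rp.example.test/app/login` are assumptions made for illustration. The example derives the `/.professos` location from the Login-Site URL (the file must sit at the server root, not next to the login page), fetches it, and accepts the RP only when the first non-empty line matches this service's base URL; any fetch error or mismatch is treated as a refusal.

```python
"""Added example (not PrOfESSOS project code): verifying the '.professos'
authorisation file before an evaluation run. Names and the injectable
fetch design are assumptions for illustration."""
from urllib.parse import urlsplit, urlunsplit
from urllib.request import urlopen

MARKER_PATH = "/.professos"


def marker_url(login_site_url: str) -> str:
    """Build <scheme>://<host>[:port]/.professos from the RP's Login-Site URL.

    Only the origin is kept: the marker lives at the web-server root,
    regardless of the path at which the login page is served.
    """
    parts = urlsplit(login_site_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an absolute http(s) URL: {login_site_url!r}")
    return urlunsplit((parts.scheme, parts.netloc, MARKER_PATH, "", ""))


def normalize_base(url: str) -> str:
    """Canonical form for comparing base URLs: lower-case scheme and host,
    no trailing slash, no query or fragment."""
    parts = urlsplit(url.strip())
    return urlunsplit((parts.scheme.lower(), parts.netloc.lower(),
                       parts.path.rstrip("/"), "", ""))


def http_fetch(url: str) -> str:
    """Default fetcher: read at most 4 KiB of the marker file over HTTP(S)."""
    with urlopen(url, timeout=10) as resp:
        return resp.read(4096).decode("utf-8", errors="replace")


def rp_authorizes_service(login_site_url: str, professos_base_url: str,
                          fetch=http_fetch) -> bool:
    """True only if the RP publishes a '.professos' file naming this service.

    The first non-empty line is taken as the declared <PrOfESSOS-URI>.
    Network errors, a missing file and a mismatching URL all yield False,
    so the evaluation is refused unless authorisation is positively shown.
    """
    try:
        body = fetch(marker_url(login_site_url))
    except Exception:
        return False
    lines = [ln for ln in body.splitlines() if ln.strip()]
    if not lines:
        return False
    return normalize_base(lines[0]) == normalize_base(professos_base_url)


if __name__ == "__main__":
    # Constructed stand-in for the RP's web server, so the example runs offline.
    fake_site = {
        "https://rp.example.test/.professos": "http://www.honestsp.de:8080/\n",
    }

    def fake_fetch(url: str) -> str:
        return fake_site[url]  # KeyError models an HTTP 404

    print(rp_authorizes_service("https://rp.example.test/app/login",
                                "http://www.honestsp.de:8080", fetch=fake_fetch))
    print(rp_authorizes_service("https://rp.example.test/app/login",
                                "https://other-scanner.example", fetch=fake_fetch))
```

In a real deployment the fetcher should also refuse redirects to a different host and cap response size, so that an RP cannot point the check at a marker file it does not control.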