auth-agent

Community

Hunt auth and authorization flaws with evidence.

Author: ok-helloworld
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Eliminates blind spots in web security testing by systematically validating authentication and authorization boundaries across login, session, token, and user/resource access paths.

Core Features & Use Cases

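  • Authentication bypass and session/token flaw detection: covers authentication bypass, session management flaws, and JWT/OAuth/OIDC/SAML-related risks, and requires that conclusions be backed by replayable HTTP evidence.
  • Comparative verification of IDOR/broken access control: performs A/B account comparison and state-boundary rechecks around object-level authorization flaws, so that authorization findings can be verified and reproduced.
  • Brute-force and protection assessment (conditional execution): decides whether to run controlled testing based on the brute_force setting in strategy.json, and also checks protective behaviors such as rate limiting and lockout.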

Quick Start

Ask the agent to perform full authentication and authorization testing for your target URL. Provide your authorization scope, test accounts, and any available logged-in session artifacts so it can produce reproducible HTTP evidence.

Dependency Matrix

Required Modules

None required

Components

references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: auth-agent
Download link: https://github.com/ok-helloworld/vibe-pentest/archive/main.zip#auth-agent

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.