auth_attack
CommunityIdentify and exploit authentication vulnerabilities in web applications.
Software Engineering#authentication#vulnerability assessment#penetration testing#security audit#web security
Authorbingook
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill detects and demonstrates various authentication vulnerabilities in web applications, allowing security professionals to identify and address potential weaknesses.
Core Features & Use Cases
- Account Enumeration: Detects possible valid usernames by analyzing response differences.
- Password Spray: Attempts common passwords across valid accounts to bypass account lockout.
- Login Logic Bypass: Tests for SQL injection, NoSQL injection, and type juggling vulnerabilities in login forms.
- Password Reset Attack: Exploits host header injection and token prediction to bypass password reset.
- MFA/2FA Bypass: Demonstrates methods to bypass multi-factor authentication and two-factor authentication.
- Session Hijacking: Exploits session fixation and session reuse vulnerabilities.
Quick Start
Run the auth_attack skill on a target URL to scan for authentication vulnerabilities.
Dependency Matrix
Required Modules
httpxrequestsre
Components
scripts
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: auth_attack Download link: https://github.com/bingook/bingo/archive/main.zip#auth-attack Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.