auth-sec
Official
Map and prioritize authentication and authorization tests
System Documentation
What problem does it solve?
Provides a concise routing and decision layer for authentication and authorization testing so practitioners can quickly determine which deeper auth topics to run next. It eliminates guesswork when targets expose mixed authentication mechanisms (login flows, sessions, tokens, SSO) and when it's unclear whether issues are authentication, authorization, or protocol misconfiguration.
Core Features & Use Cases
- Decision Router: Helps triage whether to start with login/session testing, object-level authorization, token analysis (JWT/OAuth), or SSO/OIDC/SAML reviews.
- Skill Map Linking: Direct links to focused skills for Auth Bypass, IDOR/BOLA, JWT/OAuth attacks, CSRF, CORS, and SAML assertion analysis.
- Recommended Flow: Walks through confirming the auth model, verifying session boundaries, checking object permissions, then drilling into tokens and protocol details.
- Use Case: During reconnaissance of a web app that includes both credentialed login and an SSO federation, use this router to pick the correct downstream tests and avoid wasted effort.
Quick Start
Classify the target authentication model and recommend whether to prioritize login/session testing, object authorization checks, token/protocol audits, or SSO assessments.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: auth-sec
Download link: https://github.com/yaklang/hack-skills/archive/main.zip#auth-sec
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.