bypassing-authentication-with-forced-browsing

Community

Discover hidden admin pages and APIs fast.

Author: Acczdy
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

This Skill helps find unprotected administrative pages, API endpoints, backup files, and debug interfaces that are not linked in the application but are accessible directly, enabling testers to detect missing or inconsistent authentication and access controls.

Core Features & Use Cases

  • Directory and file enumeration: Use wordlists with tools like ffuf or Gobuster to discover hidden paths and files.
  • Authentication enforcement checks: Compare unauthenticated and authenticated responses (status and content size) to identify possible bypasses.
  • Bypass techniques: Test HTTP method differences, path normalization variants, and URL encoding, and look for exposed backup/configuration files and actuator endpoints.
  • Use Cases: Authorized penetration tests and security audits aimed at finding exposed admin panels, unauthenticated API routes, backup files with secrets, and framework-specific debug endpoints.

Quick Start

Run the agent against a target using a wordlist or the built-in admin paths and provide a session cookie for authenticated comparison.

Dependency Matrix

Required Modules

requests

Components

scripts, references

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: bypassing-authentication-with-forced-browsing
Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#bypassing-authentication-with-forced-browsing

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.