hunt-ato
CommunityMap ATO paths and validate takeover chains.
Software Engineering#authentication#oauth#security testing#ato#password reset#mfa bypass#account takeover
AuthorCarlos-Reyes-UTP
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill helps you identify, test, and prioritize account takeover (ATO) attack paths by organizing common ATO primitives into actionable hunt and validation steps.
Core Features & Use Cases
- ATO taxonomy for hunting: Covers nine distinct ATO paths, including reset/account-email flaws, OAuth linking and redirect issues, MFA/session problems, token manipulation, and SSO subdomain takeover scenarios.
- Chain primitive framing: Breaks common ATO “chains” into reusable building blocks (e.g., cookie theft + password oracle + missing step-up, OAuth redirect_uri takeover for code theft).
- Critical validation guidance: Emphasizes reproducing a real takeover against a test victim session/account to separate Critical-paid findings from lower-tier cases.
Quick Start
Run the hunt workflow for account takeover taxonomy and validate an ATO chain by demonstrating account takeover on test account B using attacker A’s session.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-ato Download link: https://github.com/Carlos-Reyes-UTP/Desarrollo-de-Sistema-de-Ventas-Empresas-de-Moda/archive/main.zip#hunt-ato Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.