hunt-auth-bypass
Community
Find auth bypasses across SSO and legacy endpoints
Author: AKasem1
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
It helps bug bounty hunters discover ways to authenticate or escalate privileges despite SSO/MFA on the UI, by testing forgotten or alternate authentication surfaces like XMLRPC, SAML, OAuth callback flows, partner/admin portals, and API endpoints.
Core Features & Use Cases
- Auth surface mapping: Systematically identifies authentication entry points (login pages, admin/partner portals, API auth routes, and legacy endpoints) and classifies the underlying mechanism (session-based, SAML, OAuth, API credentials).
- SSO/legacy bypass probing: Prioritizes protocol patterns such as WordPress XMLRPC, SAML signature enforcement weaknesses (including signature stripping/wrapping and parser confusion), and cross-portal token/session reuse.
- Verification-ready reporting: Guides you through escalation validation (what the attacker can do, what the victim loses, and reproducibility in minutes) so findings can be argued as true auth bypass impact.
Quick Start
Use the hunt-auth-bypass skill to probe a target for authentication bypass opportunities by checking legacy and federated auth endpoints that commonly remain unprotected even when the main login is SSO-enforced.
Dependency Matrix
Required Modules
None required
Components
Standard package
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: hunt-auth-bypass
Download link: https://github.com/AKasem1/claude-bug-bounty/archive/main.zip#hunt-auth-bypass
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.