一键导入
authentication
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Threat Intelligence Report Design System — ReportLab-based PDF generation for A4 reports with Transilience branding, typography, and layout standards.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Detect and break the cloud post-compromise attack chain (AWS / Azure / GCP) — per-stage CloudTrail / Activity-Log / Audit-Log detection signals and the preventive controls that close each step. Use for cloud detection engineering, hardening, remediation write-ups, or blue-team posture review of the lateral-movement -> privilege-escalation -> exfiltration -> evasion chain.
HackTheBox platform operations and automations to solve challenges, machines and capture the flags hacking competitions
Injection vulnerability testing - SQL, NoSQL, OS Command, SSTI, XXE, and LDAP/XPath injection techniques.
Mobile application security testing — Android (smali, Frida, IL2CPP, Flutter AOT, React Native/Hermes, root detection), iOS (jailbreak, Objection).
| name | authentication |
| description | Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion. |
Test authentication mechanisms including login security, token handling, 2FA, CAPTCHA, and bot detection.
| Type | Key Vectors |
|---|---|
| Auth Bypass | Default credentials, logic flaws, response manipulation |
| ADFS/SAML | Golden SAML, token signing cert theft, assertion manipulation, SAML wrapping |
| JWT | Algorithm confusion, key injection, claim tampering, token forging |
| OAuth | Redirect manipulation, CSRF, token leakage, scope abuse |
| Password | Brute force, credential stuffing, password policy bypass |
| 2FA Bypass | Response manipulation, direct endpoint access, code reuse, race conditions |
| CAPTCHA Bypass | Missing server validation, token reuse, OCR, parameter manipulation |
| Bot Detection | Behavioral biometrics simulation, fingerprint randomization, stealth mode |
PasswordGenerator (tools/password_generator.py):
from tools.password_generator import generate_password
password = generate_password(hint_text="8-16 chars, uppercase, numbers")
CredentialManager (tools/credential_manager.py):
from tools.credential_manager import CredentialManager
mgr = CredentialManager()
mgr.store_credential(target="example.com", username="test", password="pass")
reference/authentication*.md - Auth bypass techniques, payloads, and resourcesreference/jwt*.md - JWT attack techniques and cheat sheetsreference/oauth*.md - OAuth vulnerability testingreference/scenarios/password-attacks/*.md - Password attack vectors (spray, stuffing, cracking, PtH)reference/adfs-exploitation.md - ADFS, Golden SAML, federation attacksreference/scenarios/2fa/*.md - 2FA bypass methodsreference/CAPTCHA_BYPASS.md - 11 CAPTCHA bypass techniquesreference/BOT_DETECTION.md - Bot detection evasion strategiesreference/PASSWORD_CREDENTIAL_MANAGEMENT.md - Tool usage guide