一键在 Manus 中运行任何 Skill

$pwd:

sast-authentication-testing

Name: Sast Authentication Testing
Author: anshumanbh

// Investigate authentication vulnerabilities in source code including missing authentication, weak authentication, and session management issues. Use when threat model identifies CWE-287 (Improper Authentication), CWE-384 (Session Fixation), CWE-306 (Missing Authentication), or authentication concerns.

在 Manus 中运行

$ git log --oneline --stat

stars:17

forks:6

updated:2025年12月18日 18:46

SKILL.md

readonly

name	sast-authentication-testing
description	Investigate authentication vulnerabilities in source code including missing authentication, weak authentication, and session management issues. Use when threat model identifies CWE-287 (Improper Authentication), CWE-384 (Session Fixation), CWE-306 (Missing Authentication), or authentication concerns.
allowed-tools	Read, Grep, Glob

SAST Authentication Testing Skill

Purpose

Investigate authentication failures in source code by analyzing:

Authentication enforcement on protected endpoints
Session management implementation
Credential handling practices
Authentication bypass vectors

Vulnerability Types Covered

1. Missing Authentication (CWE-306)

Sensitive functionality accessible without authentication.

Code Patterns to Find:

API endpoints without auth decorators
Admin routes missing authentication
Sensitive operations in public routes

Example Vulnerable Code:

@app.route('/api/admin/users')
def list_all_users():  # No @login_required
    return User.query.all()

2. Improper Authentication (CWE-287)

Authentication mechanism can be bypassed or is insufficient.

Code Patterns to Find:

Weak password validation
Hardcoded credentials
Predictable authentication tokens
Missing rate limiting on login

Example Vulnerable Code:

def login(username, password):
    if password == "admin123":  # Hardcoded password check
        return create_session(username)

3. Session Fixation (CWE-384)

Session identifier not regenerated after authentication.

Code Patterns to Find:

Missing session regeneration on login
Session ID passed in URL
Session not invalidated on logout

Example Vulnerable Code:

def login(username, password):
    if verify_password(username, password):
        # Missing: session.regenerate()
        session['user'] = username

4. Broken Authentication (CWE-287)

General authentication weaknesses.

Code Patterns to Find:

Password stored in plaintext
Weak password hashing (MD5, SHA1)
Missing account lockout
Exposed session tokens in logs

Investigation Methodology

Step 1: Find Authentication Points

Search for login/auth handlers:

Patterns: def login, def authenticate, def signin
          /login, /auth, /signin
          authenticate_user, verify_credentials

Step 2: Check Auth Decorators

Verify sensitive endpoints have authentication:

Patterns: @login_required, @authenticated
          @jwt_required, @token_required
          before_request, middleware

Step 3: Analyze Session Management

Look for session handling code:

Patterns: session[, session.get(
          regenerate, invalidate
          set_cookie, delete_cookie
          jwt.encode, jwt.decode

Step 4: Check Credential Handling

Search for password/token handling:

Patterns: password, secret, token, api_key
          hash, bcrypt, argon2, pbkdf2
          plaintext, base64, md5, sha1

Step 5: Cross-Reference with Org

Use github_org_code_search to find:

Common authentication middleware
Shared auth libraries
How other services handle auth

Classification Criteria

TRUE_POSITIVE:

Sensitive endpoint has no authentication
Credentials stored/compared insecurely
Session management has known vulnerabilities

FALSE_POSITIVE:

Authentication is properly implemented
Endpoint is intentionally public
Session regeneration exists elsewhere

UNVALIDATED:

Authentication in external service
Complex auth flow that spans multiple files

Output Format

### Verdict
- **verdict**: TRUE_POSITIVE or FALSE_POSITIVE
- **confidence_score**: 1-10
- **risk_level**: LOW, MEDIUM, HIGH, or CRITICAL

### Evidence
- **Location**: file:line
- **Issue**: Description of the authentication weakness
- **Code**: Relevant code snippet

### Attack Scenario
How an attacker could exploit this:
1. [Steps to reproduce]

### Recommendations
- [Specific fix with code example]

CWE Mapping

CWE-287: Improper Authentication
CWE-306: Missing Authentication for Critical Function
CWE-384: Session Fixation
CWE-521: Weak Password Requirements
CWE-613: Insufficient Session Expiration

Safety Rules

Only analyze code in the repository provided
Do not attempt to exploit or test against live systems
Redact any sensitive data (API keys, secrets) from evidence

related-skills.json

同仓库

sast-authorization-testing.md

from "anshumanbh/vulnvibes"

Investigate authorization vulnerabilities in source code including IDOR, privilege escalation, and missing access controls. Use when threat model identifies CWE-639 (IDOR), CWE-862 (Missing Authorization), CWE-863 (Incorrect Authorization), CWE-269 (Privilege Escalation), or access control concerns.

2025-12-1817

sast-browser-security-testing.md

from "anshumanbh/vulnvibes"

Investigate browser security vulnerabilities including CORS misconfiguration, CSRF, clickjacking, and cookie security. Use when threat model identifies CWE-346 (Origin Validation), CWE-942 (Permissive CORS), CWE-352 (CSRF), CWE-1021 (Clickjacking), or browser security concerns.

2025-12-1817

sast-cryptography-testing.md

from "anshumanbh/vulnvibes"

Investigate cryptographic vulnerabilities in source code including weak algorithms, hardcoded secrets, and improper key management. Use when threat model identifies CWE-327 (Use of Broken Crypto), CWE-798 (Hardcoded Credentials), CWE-326 (Inadequate Encryption), or cryptography concerns.

2025-12-1817

sast-data-exposure-testing.md

from "anshumanbh/vulnvibes"

Investigate data exposure vulnerabilities in source code including PII leakage, sensitive data logging, and information disclosure. Use when threat model identifies CWE-200 (Information Exposure), CWE-532 (Sensitive Data in Logs), CWE-359 (Privacy Violation), or data exposure concerns.

2025-12-1817

sast-deserialization-testing.md

from "anshumanbh/vulnvibes"

Investigate insecure deserialization vulnerabilities that can lead to RCE or data manipulation. Use when threat model identifies CWE-502 (Deserialization of Untrusted Data), CWE-915 (Mass Assignment), or object deserialization concerns.

2025-12-1817

sast-file-security-testing.md

from "anshumanbh/vulnvibes"

Investigate file operation vulnerabilities including unrestricted file upload, path traversal in file operations, and insecure file handling. Use when threat model identifies CWE-434 (Unrestricted Upload), CWE-73 (External Control of File Path), CWE-427 (Uncontrolled Search Path), or file security concerns.

2025-12-1817

package.json

"author": "anshumanbh"

"repository": "anshumanbh/vulnvibes"

打开 GitHub 仓库查看创作者相关仓库

$ install --global

$ download --local

在 Manus 中运行

$ useful --forSOC

信息安全分析师计算机与数学类职业15-1212L4

name	sast-authentication-testing
description	Investigate authentication vulnerabilities in source code including missing authentication, weak authentication, and session management issues. Use when threat model identifies CWE-287 (Improper Authentication), CWE-384 (Session Fixation), CWE-306 (Missing Authentication), or authentication concerns.
allowed-tools	Read, Grep, Glob

SAST Authentication Testing Skill

Purpose

Investigate authentication failures in source code by analyzing:

Authentication enforcement on protected endpoints
Session management implementation
Credential handling practices
Authentication bypass vectors

Vulnerability Types Covered

1. Missing Authentication (CWE-306)

Sensitive functionality accessible without authentication.

Code Patterns to Find:

API endpoints without auth decorators
Admin routes missing authentication
Sensitive operations in public routes

Example Vulnerable Code:

@app.route('/api/admin/users')
def list_all_users():  # No @login_required
    return User.query.all()

2. Improper Authentication (CWE-287)

Authentication mechanism can be bypassed or is insufficient.

Code Patterns to Find:

Weak password validation
Hardcoded credentials
Predictable authentication tokens
Missing rate limiting on login

Example Vulnerable Code:

def login(username, password):
    if password == "admin123":  # Hardcoded password check
        return create_session(username)

3. Session Fixation (CWE-384)

Session identifier not regenerated after authentication.

Code Patterns to Find:

Missing session regeneration on login
Session ID passed in URL
Session not invalidated on logout

Example Vulnerable Code:

def login(username, password):
    if verify_password(username, password):
        # Missing: session.regenerate()
        session['user'] = username

4. Broken Authentication (CWE-287)

General authentication weaknesses.

Code Patterns to Find:

Password stored in plaintext
Weak password hashing (MD5, SHA1)
Missing account lockout
Exposed session tokens in logs

Investigation Methodology

Step 1: Find Authentication Points

Search for login/auth handlers:

Patterns: def login, def authenticate, def signin
          /login, /auth, /signin
          authenticate_user, verify_credentials

Step 2: Check Auth Decorators

Verify sensitive endpoints have authentication:

Patterns: @login_required, @authenticated
          @jwt_required, @token_required
          before_request, middleware

Step 3: Analyze Session Management

Look for session handling code:

Patterns: session[, session.get(
          regenerate, invalidate
          set_cookie, delete_cookie
          jwt.encode, jwt.decode

Step 4: Check Credential Handling

Search for password/token handling:

Patterns: password, secret, token, api_key
          hash, bcrypt, argon2, pbkdf2
          plaintext, base64, md5, sha1

Step 5: Cross-Reference with Org

Use github_org_code_search to find:

Common authentication middleware
Shared auth libraries
How other services handle auth

Classification Criteria

TRUE_POSITIVE:

Sensitive endpoint has no authentication
Credentials stored/compared insecurely
Session management has known vulnerabilities

FALSE_POSITIVE:

Authentication is properly implemented
Endpoint is intentionally public
Session regeneration exists elsewhere

UNVALIDATED:

Authentication in external service
Complex auth flow that spans multiple files

Output Format

### Verdict
- **verdict**: TRUE_POSITIVE or FALSE_POSITIVE
- **confidence_score**: 1-10
- **risk_level**: LOW, MEDIUM, HIGH, or CRITICAL

### Evidence
- **Location**: file:line
- **Issue**: Description of the authentication weakness
- **Code**: Relevant code snippet

### Attack Scenario
How an attacker could exploit this:
1. [Steps to reproduce]

### Recommendations
- [Specific fix with code example]

CWE Mapping

CWE-287: Improper Authentication
CWE-306: Missing Authentication for Critical Function
CWE-384: Session Fixation
CWE-521: Weak Password Requirements
CWE-613: Insufficient Session Expiration

Safety Rules

Only analyze code in the repository provided
Do not attempt to exploit or test against live systems
Redact any sensitive data (API keys, secrets) from evidence

sast-authentication-testing

SAST Authentication Testing Skill

Purpose

Vulnerability Types Covered

1. Missing Authentication (CWE-306)

2. Improper Authentication (CWE-287)

3. Session Fixation (CWE-384)

4. Broken Authentication (CWE-287)

Investigation Methodology

Step 1: Find Authentication Points

Step 2: Check Auth Decorators

Step 3: Analyze Session Management

Step 4: Check Credential Handling

Step 5: Cross-Reference with Org

Classification Criteria

Output Format

CWE Mapping

Safety Rules

同仓库更多 Skills

同仓库更多 Skills

SAST Authentication Testing Skill

Purpose

Vulnerability Types Covered

1. Missing Authentication (CWE-306)

2. Improper Authentication (CWE-287)

3. Session Fixation (CWE-384)

4. Broken Authentication (CWE-287)

Investigation Methodology

Step 1: Find Authentication Points

Step 2: Check Auth Decorators

Step 3: Analyze Session Management

Step 4: Check Credential Handling

Step 5: Cross-Reference with Org

Classification Criteria

Output Format

CWE Mapping

Safety Rules