Skill

pentest-auth

Tests authentication and session security in web apps: JWT algorithm issues, OAuth misconfigs, session cookie flags, brute force resistance. Passive analysis auto-runs; active needs consent.

Bash

Oauth

JWT

security

authentication

npx claudepluginhub sabania/pentest-cli --plugin pentest-framework

Tool Access

This skill is limited to using the following tools:

BashAgentRead

Preview

Test a target application's authentication mechanisms including JWT token security, OAuth implementation, session management, and brute force resistance.

SKILL.md

Similar Skills

testing-api-authentication-weaknesses

5.9k

Tests API authentication for OWASP API2:2023 Broken Authentication issues like JWT flaws, missing endpoint protection, token leakage, weak passwords, and session weaknesses.

3 files

cybersecurity-skills

testing-api-authentication-weaknesses

Tests API authentication mechanisms for weaknesses like broken JWT validation, missing endpoint auth, weak passwords, credential stuffing, token leakage, and session flaws. Maps to OWASP API2:2023.

asi

broken-authentication

37.1k

Identifies and tests broken authentication vulnerabilities in web apps including password policies, session management, credential enumeration, MFA, and token handling like JWT/OAuth. For OWASP Top 10 audits.

antigravity-awesome-skills

Stats

Parent Repo Stars5

Parent Repo Forks0

Last CommitMar 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

/pentest-auth — Authentication & Session Testing

Test a target application's authentication mechanisms including JWT token security, OAuth implementation, session management, and brute force resistance.

Input

The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.

Steps

Parse the target URL from $ARGUMENTS.

Delegate to auth-agent using the Agent tool. The agent performs the following:

Phase 1 — Passive Analysis (no consent needed):

pentest -k -j -o ./findings auth jwt <url>
pentest -k -j -o ./findings auth oauth <url>
pentest -k -j -o ./findings auth session <url>

If JWT tokens were found during a previous bundle scan (check ./findings/ for bundle results), extract and analyze them for:
- Algorithm confusion vulnerabilities (none, HS256 vs RS256)
- Weak signing keys
- Sensitive data in payload
- Missing expiration claims
Analyze OAuth endpoints for misconfigurations (open redirects, state parameter usage)
Check session management (cookie flags, session fixation, timeout policies)

Phase 2 — Active Testing (requires explicit consent):

Before running brute force tests, ask the user:

Brute force testing will send multiple login attempts to the target. This may lock out accounts or trigger rate limiting. Do you want to proceed? (yes/no)

If the user consents:

pentest -k -j -o ./findings auth brute --active --yes <url>

Read the JSON outputs from ./findings/ to gather all results.

Present findings covering:

JWT vulnerabilities (algorithm issues, weak keys, information disclosure)
OAuth misconfigurations (redirect URI validation, state parameter, scope issues)
Session management weaknesses (missing Secure/HttpOnly flags, predictable session IDs)
Brute force results (if run): rate limiting effectiveness, account lockout policies

Notes

Phase 1 (JWT, OAuth, session analysis) is passive and safe.

Phase 2 (brute force) is active and requires explicit user consent.

Use -k to skip SSL verification for targets with self-signed certs.

Use -j for machine-readable JSON output.

Use -o ./findings to persist results for later reporting.

/pentest-auth — Authentication & Session Testing

Test a target application's authentication mechanisms including JWT token security, OAuth implementation, session management, and brute force resistance.

Input

The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.

Steps

Parse the target URL from $ARGUMENTS.

Delegate to auth-agent using the Agent tool. The agent performs the following:

Phase 1 — Passive Analysis (no consent needed):

pentest -k -j -o ./findings auth jwt <url>
pentest -k -j -o ./findings auth oauth <url>
pentest -k -j -o ./findings auth session <url>

If JWT tokens were found during a previous bundle scan (check ./findings/ for bundle results), extract and analyze them for:
- Algorithm confusion vulnerabilities (none, HS256 vs RS256)
- Weak signing keys
- Sensitive data in payload
- Missing expiration claims
Analyze OAuth endpoints for misconfigurations (open redirects, state parameter usage)
Check session management (cookie flags, session fixation, timeout policies)

Phase 2 — Active Testing (requires explicit consent):

Before running brute force tests, ask the user:

Brute force testing will send multiple login attempts to the target. This may lock out accounts or trigger rate limiting. Do you want to proceed? (yes/no)

If the user consents:

pentest -k -j -o ./findings auth brute --active --yes <url>

Read the JSON outputs from ./findings/ to gather all results.

Present findings covering:

JWT vulnerabilities (algorithm issues, weak keys, information disclosure)
OAuth misconfigurations (redirect URI validation, state parameter, scope issues)
Session management weaknesses (missing Secure/HttpOnly flags, predictable session IDs)
Brute force results (if run): rate limiting effectiveness, account lockout policies

Notes

Phase 1 (JWT, OAuth, session analysis) is passive and safe.

Phase 2 (brute force) is active and requires explicit user consent.

Use -k to skip SSL verification for targets with self-signed certs.

Use -j for machine-readable JSON output.

Use -o ./findings to persist results for later reporting.