From communitytools
Tests authentication security including auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
How this skill is triggered — by the user, by Claude, or both
Slash command
/communitytools:authentication
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Test authentication mechanisms including login security, token handling, 2FA, CAPTCHA, and bot detection.
- reference/BOT_DETECTION.md
- reference/CAPTCHA_BYPASS.md
- reference/INDEX.md
- reference/PASSWORD_CREDENTIAL_MANAGEMENT.md
- reference/adfs-exploitation.md
- reference/authentication-cheat-sheet.md
- reference/authentication-index.md
- reference/authentication-principles.md
- reference/authentication-quickstart.md
- reference/authentication-resources.md
- reference/default-credentials.md
- reference/jwt-advanced.md
- reference/jwt-quickstart.md
- reference/jwt_security_resources.md
- reference/ntlm-http-listener.py
- reference/oauth-index.md
- reference/oauth-quickstart.md
- reference/oauth-resources.md
- reference/scenarios/2fa/backup-codes.md
- reference/scenarios/2fa/brute-force-otp.md

| Type | Key Vectors |
|---|---|
| Auth Bypass | Default credentials, logic flaws, response manipulation |
| ADFS/SAML | Golden SAML, token signing cert theft, assertion manipulation, SAML wrapping |
| JWT | Algorithm confusion, key injection, claim tampering, token forging |
| OAuth | Redirect manipulation, CSRF, token leakage, scope abuse |
| Password | Brute force, credential stuffing, password policy bypass |
| 2FA Bypass | Response manipulation, direct endpoint access, code reuse, race conditions |
| CAPTCHA Bypass | Missing server validation, token reuse, OCR, parameter manipulation |
| Bot Detection | Behavioral biometrics simulation, fingerprint randomization, stealth mode |

PasswordGenerator (tools/password_generator.py):

```python
from tools.password_generator import generate_password

# Generate a password from a free-text description of the policy
password = generate_password(hint_text="8-16 chars, uppercase, numbers")
```

CredentialManager (tools/credential_manager.py):

```python
from tools.credential_manager import CredentialManager

# Record the test account used against a target
mgr = CredentialManager()
mgr.store_credential(target="example.com", username="test", password="pass")
```

- reference/authentication*.md - Auth bypass techniques, payloads, and resources
- reference/jwt*.md - JWT attack techniques and cheat sheets
- reference/oauth*.md - OAuth vulnerability testing
- reference/scenarios/password-attacks/*.md - Password attack vectors (spray, stuffing, cracking, PtH)
- reference/adfs-exploitation.md - ADFS, Golden SAML, federation attacks
- reference/scenarios/2fa/*.md - 2FA bypass methods
- reference/CAPTCHA_BYPASS.md - 11 CAPTCHA bypass techniques
- reference/BOT_DETECTION.md - Bot detection evasion strategies
- reference/PASSWORD_CREDENTIAL_MANAGEMENT.md - Tool usage guide

npx claudepluginhub transilienceai/communitytools

Automates authentication security testing: signup, login, 2FA/OTP bypass, CAPTCHA solving, bot detection evasion using Playwright. Simulates human behavior, handles credentials for assessments.
Identifies and tests broken authentication vulnerabilities in web apps including password policies, session management, credential enumeration, MFA, and token handling like JWT/OAuth. For OWASP Top 10 audits.
Guides pentesting for authentication bypass vulnerabilities in web apps and APIs, including OTP/2FA bypass, JWT manipulation, default credentials, session fixation, and OAuth attacks.