From communitytools
Tests authentication security including auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
npx claudepluginhub transilienceai/communitytools
This skill uses the workspace's default tool permissions.
- reference/2FA_BYPASS.md
- reference/BOT_DETECTION.md
- reference/CAPTCHA_BYPASS.md
- reference/PASSWORD_CREDENTIAL_MANAGEMENT.md
- reference/adfs-exploitation.md
- reference/authentication-cheat-sheet.md
- reference/authentication-index.md
- reference/authentication-quickstart.md
- reference/authentication-resources.md
- reference/default-credentials.md
- reference/jwt-advanced.md
- reference/jwt-cheat-sheet.md
- reference/jwt-quickstart.md
- reference/jwt_attack_techniques.md
- reference/jwt_security_resources.md
- reference/ntlm-http-listener.py
- reference/oauth-cheat-sheet.md
- reference/oauth-index.md
- reference/oauth-quickstart.md
- reference/oauth-resources.md

Tests web authentication for OWASP Top 10 vulnerabilities: password policies, credential enumeration, session tokens (JWT/OAuth), MFA flaws, and brute-force risks.
Guides pentesting for authentication bypass vulnerabilities in web apps and APIs, including OTP/2FA bypass, JWT manipulation, default credentials, session fixation, and OAuth attacks.
Tests API authentication mechanisms for weaknesses like broken JWT validation, missing endpoint auth, weak passwords, credential stuffing, token leakage, and session flaws. Maps to OWASP API2:2023.
Test authentication mechanisms including login security, token handling, 2FA, CAPTCHA, and bot detection.
| Type | Key Vectors |
|---|---|
| Auth Bypass | Default credentials, logic flaws, response manipulation |
| ADFS/SAML | Golden SAML, token signing cert theft, assertion manipulation, SAML wrapping |
| JWT | Algorithm confusion, key injection, claim tampering, token forging |
| OAuth | Redirect manipulation, CSRF, token leakage, scope abuse |
| Password | Brute force, credential stuffing, password policy bypass |
| 2FA Bypass | Response manipulation, direct endpoint access, code reuse, race conditions |
| CAPTCHA Bypass | Missing server validation, token reuse, OCR, parameter manipulation |
| Bot Detection | Behavioral biometrics simulation, fingerprint randomization, stealth mode |
PasswordGenerator (tools/password_generator.py):

```python
from tools.password_generator import generate_password
password = generate_password(hint_text="8-16 chars, uppercase, numbers")
```

CredentialManager (tools/credential_manager.py):

```python
from tools.credential_manager import CredentialManager
mgr = CredentialManager()
mgr.store_credential(target="example.com", username="test", password="pass")
```
- reference/authentication*.md - Auth bypass techniques, payloads, and resources
- reference/jwt*.md - JWT attack techniques and cheat sheets
- reference/oauth*.md - OAuth vulnerability testing
- reference/password-attacks.md - Password attack vectors
- reference/adfs-exploitation.md - ADFS, Golden SAML, federation attacks
- reference/2FA_BYPASS.md - 10 2FA bypass methods
- reference/CAPTCHA_BYPASS.md - 11 CAPTCHA bypass techniques
- reference/BOT_DETECTION.md - Bot detection evasion strategies
- reference/PASSWORD_CREDENTIAL_MANAGEMENT.md - Tool usage guide