pentest-auth-bypass

Test authentication and session management controls for bypass and account takeover scenarios.

Safety Notice

This listing is from the official public ClawHub registry. Review SKILL.md and referenced scripts before running.

Install skill "pentest-auth-bypass" with this command: npx skills add 0x-professor/pentest-auth-bypass

Pentest Auth Bypass

Stage

  • PTES: 5
  • MITRE: T1110, T1550

Objective

Validate brute-force resistance, session integrity, and MFA enforcement.

Required Workflow

  1. Validate scope before any active action and reject out-of-scope targets.
  2. Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
  3. Write findings in canonical finding_schema format with reproducible PoC notes.
  4. Honor dry-run mode and require explicit --i-have-authorization for live execution.
  5. Export deterministic artifacts for downstream skill consumption.
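One way to implement the gate in steps 1 and 4, as an added example rather than code from the skill itself. The `in_scope`/`out_of_scope` keys and all function names are assumptions, since the contents of scope_schema.json are not shown on this page; the `authorized` and `dry_run` parameters stand in for the `--i-have-authorization` and `--dry-run` flags.

```python
import ipaddress
from fnmatch import fnmatch
from urllib.parse import urlsplit

# Constructed scope document. The real scope_schema.json is not shown on this
# page, so the "in_scope" / "out_of_scope" keys are assumptions.
SAMPLE_SCOPE = {
    "in_scope": ["*.staging.example.com", "10.20.0.0/24"],
    "out_of_scope": ["sso.staging.example.com", "10.20.0.1"],
}

def _host_of(target):
    """Extract the lowercase host from a URL or a bare host[:port]."""
    try:
        parts = urlsplit(target if "//" in target else "//" + target)
    except ValueError:
        return ""
    return (parts.hostname or "").lower().rstrip(".")

def _matches(host, entry):
    """True if host matches an IP/CIDR entry or a hostname glob entry."""
    try:
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        net = None
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if net is not None:
        return ip is not None and ip in net
    return ip is None and fnmatch(host, entry.lower())

def in_scope(target, scope):
    """Exclusions win over inclusions; empty or unparsable hosts are rejected."""
    host = _host_of(target)
    if not host:
        return False
    if any(_matches(host, e) for e in scope.get("out_of_scope", [])):
        return False
    return any(_matches(host, e) for e in scope.get("in_scope", []))

def preflight(target, scope, authorized=False, dry_run=False):
    """Return 'reject', 'dry-run' or 'live'; live needs explicit authorization."""
    if not in_scope(target, scope):
        return "reject"
    if dry_run or not authorized:
        return "dry-run"
    return "live"
```

The gate fails closed: a target that matches nothing is rejected, and an in-scope target without the authorization flag only ever reaches dry-run.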

Execution

python skills/pentest-auth-bypass/scripts/auth_bypass.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

  • auth-findings.json
  • valid-sessions.json
  • auth-attack-report.json

References

  • references/tools.md
  • skills/autonomous-pentester/shared/scope_schema.json
  • skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING: AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
