UhdyIndy/authentication
skills/authentication/SKILL.md
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
testing
Updated Apr 24, 2026
$ install --global
skillsauthnpx skillsauth add UhdyIndy/antigravity-awesome-skills authenticationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 4:26 AM176.7s23 files scanned
SKILL.md
- name:
- authentication
- description:
- Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Authentication
Test authentication mechanisms including login security, token handling, 2FA, CAPTCHA, and bot detection.
Techniques
| Type | Key Vectors | |------|-------------| | Auth Bypass | Default credentials, logic flaws, response manipulation | | JWT | Algorithm confusion, key injection, claim tampering, token forging | | OAuth | Redirect manipulation, CSRF, token leakage, scope abuse | | Password | Brute force, credential stuffing, password policy bypass | | 2FA Bypass | Response manipulation, direct endpoint access, code reuse, race conditions | | CAPTCHA Bypass | Missing server validation, token reuse, OCR, parameter manipulation | | Bot Detection | Behavioral biometrics simulation, fingerprint randomization, stealth mode |
Tools
PasswordGenerator (tools/password_generator.py):
from tools.password_generator import generate_password
password = generate_password(hint_text="8-16 chars, uppercase, numbers")
CredentialManager (tools/credential_manager.py):
from tools.credential_manager import CredentialManager
mgr = CredentialManager()
mgr.store_credential(target="example.com", username="test", password="pass")
Workflow
- Analyze auth implementation (forms, tokens, 2FA, CAPTCHA)
- Test bypass vectors per technique type
- Use Playwright MCP with human-like behavior (typing 80-200ms, random pauses)
- Capture evidence (screenshots, network logs, tokens)
- Document findings with PoC scripts
Reference
reference/authentication*.md- Auth bypass techniques, payloads, and resourcesreference/jwt*.md- JWT attack techniques and cheat sheetsreference/oauth*.md- OAuth vulnerability testingreference/password-attacks.md- Password attack vectorsreference/2FA_BYPASS.md- 10 2FA bypass methodsreference/CAPTCHA_BYPASS.md- 11 CAPTCHA bypass techniquesreference/BOT_DETECTION.md- Bot detection evasion strategiesreference/PASSWORD_CREDENTIAL_MANAGEMENT.md- Tool usage guide
Related Skills
UhdyIndy/azure-keyvault-keys-rust
tools
VerifiedTrustedCommunity
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
SKILL.mdUpdated Apr 24, 2026
UhdyIndy/azure-keyvault-certificates-rust
development
VerifiedTrustedCommunity
Azure Key Vault Certificates SDK for Rust. Use for creating, importing, and managing certificates.
SKILL.mdUpdated Apr 24, 2026
UhdyIndy/azure-identity-ts
devops
VerifiedTrustedCommunity
Authenticate to Azure services with various credential types.
SKILL.mdUpdated Apr 24, 2026
UhdyIndy/azure-identity-rust
tools
VerifiedTrustedCommunity
Azure Identity SDK for Rust authentication. Use for DeveloperToolsCredential, ManagedIdentityCredential, ClientSecretCredential, and token-based authentication.
SKILL.mdUpdated Apr 24, 2026