Agent skill
authentication
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Install this agent skill to your Project
npx add-skill https://github.com/transilienceai/communitytools/tree/main/projects/pentest/.claude/skills/authentication
SKILL.md
Authentication
Test authentication mechanisms including login security, token handling, 2FA, CAPTCHA, and bot detection.
Techniques
| Type | Key Vectors |
|---|---|
| Auth Bypass | Default credentials, logic flaws, response manipulation |
| JWT | Algorithm confusion, key injection, claim tampering, token forging |
| OAuth | Redirect manipulation, CSRF, token leakage, scope abuse |
| Password | Brute force, credential stuffing, password policy bypass |
| 2FA Bypass | Response manipulation, direct endpoint access, code reuse, race conditions |
| CAPTCHA Bypass | Missing server validation, token reuse, OCR, parameter manipulation |
| Bot Detection | Behavioral biometrics simulation, fingerprint randomization, stealth mode |
Tools
PasswordGenerator (`tools/password_generator.py`):

```python
from tools.password_generator import generate_password
password = generate_password(hint_text="8-16 chars, uppercase, numbers")
```

CredentialManager (`tools/credential_manager.py`):

```python
from tools.credential_manager import CredentialManager
mgr = CredentialManager()
mgr.store_credential(target="example.com", username="test", password="pass")
```
Workflow
- Analyze auth implementation (forms, tokens, 2FA, CAPTCHA)
- Test bypass vectors per technique type
- Use Playwright MCP with human-like behavior (typing 80-200ms, random pauses)
- Capture evidence (screenshots, network logs, tokens)
- Document findings with PoC scripts
Reference
- `reference/authentication*.md` - Auth bypass techniques, payloads, and resources
- `reference/jwt*.md` - JWT attack techniques and cheat sheets
- `reference/oauth*.md` - OAuth vulnerability testing
- `reference/password-attacks.md` - Password attack vectors
- `reference/2FA_BYPASS.md` - 10 2FA bypass methods
- `reference/CAPTCHA_BYPASS.md` - 11 CAPTCHA bypass techniques
- `reference/BOT_DETECTION.md` - Bot detection evasion strategies
- `reference/PASSWORD_CREDENTIAL_MANAGEMENT.md` - Tool usage guide