Stats
Actions
Tags
From find-cve-agent
Detects authentication and authorization bypass vulnerabilities including missing auth middleware, JWT algorithm confusion, IDOR, and session fixation in web apps.
How this skill is triggered — by the user, by Claude, or both
Slash command
/find-cve-agent:auth-bypassThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit web frameworks, API gateways, admin panels, CMS systems, and any application with role-based access control.
Audit web frameworks, API gateways, admin panels, CMS systems, and any application with role-based access control.
# Express.js
grep -rn "app\.get\|app\.post\|app\.put\|app\.delete\|app\.patch\|router\." .
# Django
grep -rn "path(\|url(\|urlpatterns" .
# Flask
grep -rn "@app\.route\|@blueprint\.route" .
# Go
grep -rn "HandleFunc\|Handle\|mux\.\|router\." .
# Rails
grep -rn "get \|post \|put \|delete \|patch " config/routes.rb
# Express
grep -rn "isAuthenticated\|requireAuth\|authMiddleware\|passport\|jwt\.verify" .
grep -rn "app\.use(.*auth\|router\.use(.*auth" .
# Django
grep -rn "login_required\|permission_required\|@permission_classes\|IsAuthenticated" .
# Flask
grep -rn "login_required\|@jwt_required\|current_user" .
# Go
grep -rn "AuthMiddleware\|RequireAuth\|WithAuth" .
# Rails
grep -rn "before_action.*authenticate\|before_action.*authorize" .
For EACH route, verify:
# JWT issues
grep -rn "algorithms\|algorithm\|alg\|verify.*false\|verify.*False" .
grep -rn "jwt\.decode\|jwt\.verify\|jose\|jsonwebtoken" .
# Session fixation
grep -rn "session\.regenerate\|session\.destroy" .
# IDOR (missing ownership check)
grep -rn "findById\|findOne\|params\.id\|req\.params" .
// Protected
app.get('/api/users', authMiddleware, getUsers);
// MISSING AUTH
app.get('/api/users/:id/export', exportUser); // No middleware!
// VULNERABLE: accepts algorithm from token header
jwt.verify(token, publicKey); // If alg=HS256, public key used as HMAC secret
// SAFE: specifies allowed algorithms
jwt.verify(token, publicKey, { algorithms: ['RS256'] });
app.get('/api/documents/:id', auth, (req, res) => {
// VULNERABLE: finds document by ID without checking owner
const doc = await Document.findById(req.params.id);
res.json(doc);
// SAFE: checks ownership
const doc = await Document.findOne({ _id: req.params.id, owner: req.user.id });
});
npx claudepluginhub byamb4/find-cve-agentAudits Python code for authentication bypass vulnerabilities in permission checks, DRF views, JWT/token validation, decorators, middleware, and SSO/OAuth flows. Covers CWE-285/287/863.
Analyzes auth mechanisms (passwords/sessions/JWT/OAuth/MFA) and authz patterns (RBAC/ABAC/ACL) for vulnerabilities like bypasses, hijacking, broken access control; reports with OWASP/NIST remediation.
Detects missing ownership checks, broken role enforcement, and IDOR vulnerabilities in authorization code. Use when implementing access control middleware or resource ownership checks.