From pentest-framework
Tests authentication and session security in web apps: JWT algorithm issues, OAuth misconfigs, session cookie flags, brute force resistance. Passive analysis auto-runs; active needs consent.
How this skill is triggered — by the user, by Claude, or both
Slash command
/pentest-framework:pentest-auth
This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
Test a target application's authentication mechanisms including JWT token security, OAuth implementation, session management, and brute force resistance.
The target URL is provided via $ARGUMENTS. If no URL is provided, ask the user for one.
Parse the target URL from $ARGUMENTS.
Delegate to auth-agent using the Agent tool. The agent performs the following:
Phase 1 — Passive Analysis (no consent needed):
pentest -k -j -o ./findings auth jwt <url>
pentest -k -j -o ./findings auth oauth <url>
pentest -k -j -o ./findings auth session <url>
./findings/ for bundle results), extract and analyze them for:
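As an added illustration of the kind of passive checks Phase 1 covers (JWT algorithm and lifetime issues, session cookie flags), the following Python script is example code written for this page; it is not part of the pentest CLI, the auth-agent, or the skill, and it does not read the CLI's JSON bundle format. The tokens and Set-Cookie headers it inspects are constructed samples, not output captured from any target; the signature segments are placeholders because the checks never verify or forge a signature, they only read what is already present.

```python
"""Passive authentication checks: inspect a JWT's header and payload without
verifying it, and inspect Set-Cookie headers for session-cookie flags.
Added example for this page, not code from the pentest CLI or the skill."""
import base64
import json
import time

UNSAFE_ALGS = {"none"}                      # unsigned tokens
SYMMETRIC_ALGS = {"HS256", "HS384", "HS512"}  # shared-secret HMAC


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the padding JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt_unverified(token: str) -> tuple:
    """Return (header, payload) without checking the signature. Passive only:
    the token is read, never accepted as proof of anything."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected 3 segments)")
    header = json.loads(b64url_decode(parts[0]))
    payload = json.loads(b64url_decode(parts[1]))
    return header, payload


def analyze_jwt(token: str, now=None) -> list:
    """Flag algorithm and lifetime issues visible from the token alone."""
    now = time.time() if now is None else now
    header, payload = decode_jwt_unverified(token)
    findings = []
    alg = header.get("alg")
    if alg is None or alg in UNSAFE_ALGS:
        findings.append(f"alg={alg!r}: unsigned token; a lax verifier would accept it")
    elif alg in SYMMETRIC_ALGS:
        findings.append(f"alg={alg}: shared-secret HMAC; confirm the server rejects "
                        "tokens that switch from RS* to HS*")
    if "exp" not in payload:
        findings.append("no exp claim: token never expires")
    else:
        lifetime = payload["exp"] - payload.get("iat", now)
        if lifetime > 24 * 3600:
            findings.append(f"exp {lifetime / 3600:.0f}h after issue: long-lived session token")
    return findings


def analyze_set_cookie(header_value: str) -> list:
    """Flag a session cookie missing Secure, HttpOnly, or a restrictive SameSite."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {}
    for attr in parts[1:]:
        key, _, value = attr.partition("=")
        attrs[key.lower()] = value if value else True
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure (also sent over plaintext HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly (readable by page script)")
    samesite = attrs.get("samesite")
    if samesite in (None, True) or str(samesite).lower() == "none":
        findings.append(f"{name}: SameSite absent or None (attached to cross-site requests)")
    return findings


def _encode_segment(obj: dict) -> str:
    """Build one base64url JWT segment; used only to construct the samples below."""
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


# Constructed sample tokens (not captured from any target). Signature segments
# are placeholders; nothing here validates them.
ISSUED = 1700000000
SAMPLE_NONE_TOKEN = ".".join([_encode_segment({"alg": "none", "typ": "JWT"}),
                              _encode_segment({"sub": "alice", "iat": ISSUED}), ""])
SAMPLE_HS256_TOKEN = ".".join([_encode_segment({"alg": "HS256", "typ": "JWT"}),
                               _encode_segment({"sub": "bob", "iat": ISSUED,
                                                "exp": ISSUED + 30 * 86400}),
                               "placeholder-signature"])
SAMPLE_RS256_TOKEN = ".".join([_encode_segment({"alg": "RS256", "typ": "JWT"}),
                               _encode_segment({"sub": "carol", "iat": ISSUED,
                                                "exp": ISSUED + 900}),
                               "placeholder-signature"])
# Constructed Set-Cookie values: one weak, one with the expected flags.
WEAK_COOKIE = "sessionid=abc123; Path=/"
GOOD_COOKIE = "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"

if __name__ == "__main__":
    for label, tok in [("none", SAMPLE_NONE_TOKEN), ("HS256", SAMPLE_HS256_TOKEN),
                       ("RS256", SAMPLE_RS256_TOKEN)]:
        print(label, analyze_jwt(tok) or "no findings")
    for cookie in (WEAK_COOKIE, GOOD_COOKIE):
        print(cookie, "->", analyze_set_cookie(cookie) or "no findings")
```

The script runs offline against the embedded samples; the two inspectors are the pieces a practitioner could point at real tokens and Set-Cookie headers collected during a passive phase, without sending any additional requests to the target.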
Phase 2 — Active Testing (requires explicit consent):
Before running brute force tests, ask the user:
Brute force testing will send multiple login attempts to the target. This may lock out accounts or trigger rate limiting. Do you want to proceed? (yes/no)
If the user consents:
pentest -k -j -o ./findings auth brute --active --yes <url>
Read the JSON outputs from ./findings/ to gather all results.
Present findings covering:
-k to skip SSL verification for targets with self-signed certs.
-j for machine-readable JSON output.
-o ./findings to persist results for later reporting.
npx claudepluginhub sabania/pentest-cli --plugin pentest-framework
Tests API authentication for weaknesses: broken token validation, missing auth, weak passwords, credential stuffing, token leakage. Evaluates JWT, OAuth, and session management. Maps to OWASP API2:2023.
Tests API authentication mechanisms for weaknesses like broken JWT validation, missing endpoint auth, weak passwords, credential stuffing, token leakage, and session flaws. Maps to OWASP API2:2023.