🧪 Skills
Pentest Auth Bypass
--- name: pentest-auth-bypass description: Test authentication and session management controls for bypass and account takeover scenarios. --- # Pentest Auth Bypass ## Stage - PTES: 5 - MITRE: T1110
v0.1.0
Description
name: pentest-auth-bypass description: Test authentication and session management controls for bypass and account takeover scenarios.
Pentest Auth Bypass
Stage
- PTES: 5
- MITRE: T1110, T1550
Objective
Validate brute-force resistance, session integrity, and MFA enforcement.
Required Workflow
- Validate scope before any active action and reject out-of-scope targets.
- Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
- Write findings in canonical finding_schema format with reproducible PoC notes.
- Honor dry-run mode and require explicit --i-have-authorization for live execution.
- Export deterministic artifacts for downstream skill consumption.
Execution
python skills/pentest-auth-bypass/scripts/auth_bypass.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
Outputs
auth-findings.jsonvalid-sessions.jsonauth-attack-report.json
References
references/tools.mdskills/autonomous-pentester/shared/scope_schema.jsonskills/autonomous-pentester/shared/finding_schema.json
Legal and Ethical Notice
WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
Reviews (0)
Sign in to write a review.
No reviews yet. Be the first to review!
Comments (0)
No comments yet. Be the first to share your thoughts!