hunt-auth-bypass

This skill aids in identifying and exploiting authentication bypass vulnerabilities, enhancing security assessments for web applications.

Security score: 70/100

The hunt-auth-bypass skill was audited on May 29, 2026 and we found 14 security issues across 3 threat categories. Review the findings below before installing.

Security Issues

medium, line 159: Curl to non-GitHub URL
Source: SKILL.md
    curl -s -X POST https://target.com/xmlrpc.php \

medium, line 168: Curl to non-GitHub URL
Source: SKILL.md
    curl -s -X POST https://target.com/xmlrpc.php \

medium, line 210: Curl to non-GitHub URL
Source: SKILL.md
    TOKEN=$(curl -s -X POST https://partners.target.com/login \

medium, line 215: Curl to non-GitHub URL
Source: SKILL.md
    curl -s https://admin.target.com/dashboard \

low, line 186: Base64 decode operation
Source: SKILL.md
    saml_xml = base64.b64decode(saml_b64).decode()

low, line 192: Base64 decode operation
Source: SKILL.md
    print(base64.b64encode(stripped.encode()).decode())

low, line 224: Base64 decode operation
Source: SKILL.md
    header = base64.b64encode(json.dumps({"alg":"none","typ":"JWT"}).encode()).decode().rstrip('=')

low, line 225: Base64 decode operation
Source: SKILL.md
    payload = base64.b64encode(json.dumps({"user_id":1,"role":"admin","email":"[email protected]"}).encode()).decode().rstrip('=')

low, line 45: External URL reference
Source: SKILL.md
    Location: https://idp.company.com/saml

low, line 159: External URL reference
Source: SKILL.md
    curl -s -X POST https://target.com/xmlrpc.php \

low, line 168: External URL reference
Source: SKILL.md
    curl -s -X POST https://target.com/xmlrpc.php \

low, line 204: External URL reference
Source: SKILL.md
    <NameID xmlns:evil="http://evil.com">[email protected]</NameID>

low, line 210: External URL reference
Source: SKILL.md
    TOKEN=$(curl -s -X POST https://partners.target.com/login \

low, line 215: External URL reference
Source: SKILL.md
    curl -s https://admin.target.com/dashboard \

Scanned on May 29, 2026