Skills pentest-auth-bypass

Name: pentest-auth-bypass
Author: openclaw

Test authentication and session management controls for bypass and account takeover scenarios.

install

source · Clone the upstream repo

git clone https://github.com/openclaw/skills

Claude Code · Install into ~/.claude/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/0x-professor/pentest-auth-bypass" ~/.claude/skills/openclaw-skills-pentest-auth-bypass && rm -rf "$T"

OpenClaw · Install into ~/.openclaw/skills/

T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/0x-professor/pentest-auth-bypass" ~/.openclaw/skills/openclaw-skills-pentest-auth-bypass && rm -rf "$T"

manifest: skills/0x-professor/pentest-auth-bypass/SKILL.md

Pentest Auth Bypass

Stage

PTES: 5
MITRE: T1110, T1550

Objective

Validate brute-force resistance, session integrity, and MFA enforcement.

Required Workflow

Validate scope before any active action and reject out-of-scope targets.
Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
Write findings in canonical finding_schema format with reproducible PoC notes.
Honor dry-run mode and require explicit --i-have-authorization for live execution.
Export deterministic artifacts for downstream skill consumption.

Execution

python skills/pentest-auth-bypass/scripts/auth_bypass.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

```
auth-findings.json
```
```
valid-sessions.json
```
```
auth-attack-report.json
```

References

```
references/tools.md
```

skills/autonomous-pentester/shared/scope_schema.json

skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.