This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
8.7
Rating
0
Installs
Security
Category
Excellent comprehensive skill for broken authentication testing. The description clearly covers multiple invocation scenarios (credential stuffing, session fixation, password policies, etc.). Task knowledge is outstanding with detailed 10-phase workflow, concrete commands, HTTP examples, Python scripts, and practical payloads. Structure is very clear with logical progression from reconnaissance to exploitation, useful quick-reference tables, and troubleshooting guidance. Novelty is high: authentication testing requires specialized security knowledge, multiple tools (Burp Suite, Hydra), legal considerations, and complex multi-step workflows that would consume significant tokens for a CLI agent to orchestrate independently. Minor improvement opportunity: could separate extensive reference tables into companion files for even cleaner organization, though current single-file approach remains highly usable.
davila7
Skill Author
Loading SKILL.md…
