Web authentication testing framework

Related tags

Authenticationpythonsecurityauthenticationauthorizationhylangraiderauth
Overview

Raider logo

What is this

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found by manually testing it or writing custom scripts that replicate the behaviour. Raider aims to make testing easier, by providing the interface to interact with all important elements found in modern authentication systems.

Note:

Raider is still a work in progress. Bugs and missing features are to be expected. If you find something that doesn't work as expected, open a Github issue and let us know. You can also join the community forum and start asking questions there.

Features

Raider has the goal to support most of the modern authentication systems, and here are some features that other tools don't offer:

  • Unlimited authentication steps
  • Unlimited inputs/outputs for each step
  • Ability to conditionally decide the next step
  • Running arbitrary operations when receiving the response
  • Easy to write custom operations and plugins

How does it work

Raider treats the authentication as a finite state machine. Each authentication step is a different state, with its own inputs and outputs. Those can be cookies, headers, CSRF tokens, or other pieces of information.

Each application needs its own configuration file for Raider to work. The configuration is written in Hylang. The language choice was done for multiple reasons, mainly because it's a Lisp dialect embedded in Python.

Using Lisp was necessarily since sometimes the authentication can get quite complex, and using a static configuration file would've not been enough to cover all the details. Lisp makes it easy to combine code and data, which is exactly what was needed here.

By using a real programming language as a configuration file gives Raider a lot of power, and with great power comes great responsibility. Theoretically one can write entire malware inside the application configuration file, which means you should be careful what's being executed, and not to use configuration files from sources you don't trust. Raider will evaluate everything inside the .hy files, which means if you're not careful you could shoot yourself in the foot and break something on your system.

Installation

Raider is available on PyPi:

$ pip3 install --user raider

Raider's philosophy

Raider was developed with the following goals:

  • To abstract authentication concepts using Python objects.
  • To support most modern web authentication features.
  • To make it easy to add new features for users.

And if you're looking at the code and willing to contribute, keep those in mind:

  • The simpler and cleaner the code, the better.
  • New features should be implemented as Plugins and Operations if possible.
  • The hyfiles should stay as minimal as possible, while still allowing the user to get creative. In the future parts of this code could be autogenerated.

The Documentation is available on Read the Docs.

Come talk to us in the community forum.

Comments
  • Bump importlib-metadata from 4.11.4 to 4.12.0

    Bump importlib-metadata from 4.11.4 to 4.12.0

    Bumps importlib-metadata from 4.11.4 to 4.12.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v4.12.0

    • py-93259: Now raise ValueError when None or an empty string are passed to Distribution.from_name (and other callers).
    Commits
    • 516f2a7 Fix reference in docs build.
    • c8d7285 Merge pull request #391 from python/ghpython-93259/from-name-arg-validation-s...
    • 91b7149 Update changelog
    • c96dc1e Merge branch 'main' into ghpython-93259/from-name-arg-validation-simple
    • f52757d In Distribution.from_name, re-use discover.
    • 344a6ff Refactor Distribution.from_name to avoid return in loop and unnecessary None ...
    • eb19c64 In Distribution.from_name, require a non-empty string. Fixes python/cpython#9...
    • d3fe031 Add comment about the compatibility factor.
    • a4ae953 Add xfail test capturing new expectation.
    • e5b7d87 Merge pull request #390 from python/bugfix/noisy-coverage
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 5
  • Bump pillow from 9.0.1 to 9.1.1

    Bump pillow from 9.0.1 to 9.1.1

    Bumps pillow from 9.0.1 to 9.1.1.

    Release notes

    Sourced from pillow's releases.

    9.1.1

    This release addresses several security problems.

    CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow.

    Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a SyntaxError instead, in turn raising a PIL.UnidentifiedImageError.

    9.1.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.1.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.1.1 (2022-05-17)

    • When reading past the end of a TGA scan line, reduce bytes left. CVE-2022-30595 [radarhere]

    • Do not open images with zero or negative height #6269 [radarhere]

    9.1.0 (2022-04-01)

    • Add support for multiple component transformation to JPEG2000 #5500 [scaramallion, radarhere, hugovk]

    • Fix loading FriBiDi on Alpine #6165 [nulano]

    • Added setting for converting GIF P frames to RGB #6150 [radarhere]

    • Allow 1 mode images to be inverted #6034 [radarhere]

    • Raise ValueError when trying to save empty JPEG #6159 [radarhere]

    • Always save TIFF with contiguous planar configuration #5973 [radarhere]

    • Connected discontiguous polygon corners #5980 [radarhere]

    • Ensure Tkinter hook is activated for getimage() #6032 [radarhere]

    • Use screencapture arguments to crop on macOS #6152 [radarhere]

    • Do not mark L mode JPEG as 1 bit in PDF #6151 [radarhere]

    • Added support for reading I;16R TIFF images #6132 [radarhere]

    • If an error occurs after creating a file, remove the file #6134 [radarhere]

    • Fixed calling DisplayViewer or XVViewer without a title #6136 [radarhere]

    ... (truncated)

    Commits
    • 0f44136 9.1.1 version bump
    • f66f5e1 pre-commit: update Black to fix Click
    • 0153b37 Skip test_realloc_overflow unless libtiff 4.0.4 or higher
    • 6fcd31b Added release notes for 9.1.1
    • c846cc8 When reading past the end of a scan line, reduce bytes left
    • 184b73e Do not open images with zero or negative height
    • 5d07022 Update CHANGES.rst [ci skip]
    • 1e0bc4a 9.1.0 version bump
    • 0606f02 Merge pull request #6168 from hugovk/release-notes
    • 703f54c Merge pull request #5500 from scaramallion/dev-j2k
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump pylint from 2.14.2 to 2.14.3

    Bump pylint from 2.14.2 to 2.14.3

    ⚠️ Dependabot is rebasing this PR ⚠️

    Rebasing might not happen immediately, so don't worry if this takes some time.

    Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

    Bumps pylint from 2.14.2 to 2.14.3.

    Commits
    • 680edeb Bump pylint to 2.14.3, update changelog
    • b05ac51 Pin colorama to lowest supported version (#6970)
    • 417e8c3 Fix bad-super-call for non-direct parents (#6956)
    • fb6be59 Fix undefined-variable for __class__ in inner methods (#6957)
    • b9ecb4d Fix false positive for useless-super-delegation for variadics (#6949)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 4.1.1 to 4.1.3

    Bump tox from 4.1.1 to 4.1.3

    Bumps tox from 4.1.1 to 4.1.3.

    Release notes

    Sourced from tox's releases.

    4.1.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.2...4.1.3

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.3 (2023-01-02)

    Bugfixes - 4.1.3

    - Reuse package_env with ``--installpkg`` - by :user:`q0w`. (:issue:`2442`)
- Fail more gracefully when pip :ref:`install_command` is empty - by :user:`jayaddison`. (:issue:`2695`)

    Improved Documentation - 4.1.3

    • Add breaking-change documentation for empty install_command values - by :user:jayaddison. (:issue:2695)

    Misc - 4.1.3

    - :issue:`2796`, :issue:`2797`

    v4.1.2 (2022-12-30)
    

    Bugfixes - 4.1.2

    • Fix --skip-missing-interpreters behaviour - by :user:q0w. (:issue:2649)
    • Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI environment - by :user:gaborbernat. (:issue:2685)
    • Fix extracting extras from markers with many extras - by :user:q0w. (:issue:2791)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.1.1 to 4.1.2

    Bump tox from 4.1.1 to 4.1.2

    Bumps tox from 4.1.1 to 4.1.2.

    Release notes

    Sourced from tox's releases.

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.2 (2022-12-30)

    Bugfixes - 4.1.2

    - Fix ``--skip-missing-interpreters`` behaviour - by :user:`q0w`. (:issue:`2649`)
- Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI
  environment - by :user:`gaborbernat`. (:issue:`2685`)
- Fix extracting extras from markers with many extras - by :user:`q0w`. (:issue:`2791`)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.0.2 to 4.0.3

    Bump tox from 4.0.2 to 4.0.3

    Bumps tox from 4.0.2 to 4.0.3.

    Release notes

    Sourced from tox's releases.

    4.0.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.2...4.0.3

    Changelog

    Sourced from tox's changelog.

    v4.0.3 (2022-12-08)

    Bugfixes - 4.0.3

    - Always set environment variable ``PYTHONIOENCODING`` to ``utf-8`` to ensure tox works under Windows custom encodings
  - by :user:`gaborbernat`. (:issue:`2422`)
- Ensure :ref:`change_dir` is created if does not exist before executing :ref:`commands` - by :user:`gaborbernat`. (:issue:`2620`)
- Pass through ``NUMBER_OF_PROCESSORS`` on Windows as is needed for ``multiprocessing.cpu_count`` -
  by :user:`gaborbernat`. (:issue:`2629`)
- The core tox configuration now contains ``host_python`` key showing the host python executable path -
  by :user:`gaborbernat`. (:issue:`2630`)

    Improved Documentation - 4.0.3

    • Document that space separator is no longer valid for the :ref:passenv and instead one should use comma - by :user:gaborbernat. (:issue:2615)
    • Document necessity to escape # within INI configuration - by :user:jugmac00. (:issue:2617)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.5 to 2.15.6

    Bump pylint from 2.15.5 to 2.15.6

    Bumps pylint from 2.15.5 to 2.15.6.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump mypy from 0.961 to 0.990

    Bump mypy from 0.961 to 0.990

    Bumps mypy from 0.961 to 0.990.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.5

    Bump pylint from 2.15.3 to 2.15.5

    Bumps pylint from 2.15.3 to 2.15.5.

    Commits
    • bb17694 Merge pull request #7660 from cdce8p/release-2.15.5
    • fc7dc5e Bump pylint to 2.15.5, update changelog
    • 8def9a0 [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • 9c239c2 Sort examples/pylintrc for 2.15.5
    • 97ebe0b Sort --generate-rcfile output
    • 1579c43 Use relative paths in create_contributor_list.py (#7656)
    • c2d42ba Remove index from unnecessary-dunder-call check (#7650)
    • e8dc9b6 Swap plugin cache to pickle-able values when done (#7640)
    • b051fab Add regression test for no-member with empty AnnAssign (#7632)
    • 8cbc5a3 Upgrade astroid to 2.12.12 (#7649)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump importlib-metadata from 4.12.0 to 5.0.0

    Bump importlib-metadata from 4.12.0 to 5.0.0

    Bumps importlib-metadata from 4.12.0 to 5.0.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v5.0.0

    • #97, #284, #300: Removed compatibility shims for deprecated entry point interfaces.

    v4.13.0

    • #396: Added compatibility for PathDistributions originating from Python 3.8 and 3.9.
    Commits
    • 009ace3 Merge pull request #405 from python/feature/clean-entry-points
    • ac9ff95 Update documentation around removal of SelectableGroups.
    • 117d1b4 Disable flake8 due to incompatibility.
    • 2135490 Update changelog
    • 6ed01ae Merge removal commits into feature/clean-entry-points
    • dde2b9d Remove support for cast of iterable of entry points to dict. Ref #97.
    • 0c81964 Remove compatibility for EntryPoints.getitem by index.
    • 47544ce Remove DeprecatedList
    • 7e5bae4 Remove SelectableGroups
    • 9a6641b Merge pull request #401 from CAM-Gerlach/add-note-api-docs
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.4

    Bump pylint from 2.15.3 to 2.15.4

    Bumps pylint from 2.15.3 to 2.15.4.

    Commits
    • 20af036 Bump pylint to 2.15.4, update changelog
    • 78f8423 [towncrier] Add whitespaces between fragment in towncrier (#7431)
    • 49e15ab Disambiguate between str and enum member args to typing.Literal (#7414)
    • 07f484f Upgrade astroid version following 2.12.11 release
    • fa63d9b [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • a258854 Raise syntax-error correctly on invalid encodings (#7553)
    • 43ecd7d Fix handling of -- as separator between positional args and flags (#7551)
    • 66ae21c Check py-version for async unnecessary-dunder-call (#7549)
    • 983d5fc Fix crash in modified_iterating checker for set defined as a class attrib...
    • 5c22a79 Prevent redefined-outer-name for if t.TYPE_CHECKING
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.2 to 4.2.3

    Bump tox from 4.2.2 to 4.2.3

    Bumps tox from 4.2.2 to 4.2.3.

    Release notes

    Sourced from tox's releases.

    4.2.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.2...4.2.3

    Changelog

    Sourced from tox's changelog.

    v4.2.3 (2023-01-04)

    Bugfixes - 4.2.3

    - ``devenv`` does not respect the specified path when the package is a wheel file - by :user:`gaborbernat`. (:issue:`2815`)
- Require space after colon before factor filter expansion, unless it is the last character of the line - by :user:`pdecat`. (:issue:`2822`)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Create a raider REPL

    Create a raider REPL

    To preserve a session across runs, raider would need to have a REPL, and the user should have the ability to inspect and manipulate all individual elements.

    enhancement architecture 
    opened by danielonsecurity 0
Releases(v0.3.3)

  • v0.3.3(Dec 27, 2022)

    Minor bugfix release.

    • Fix crash when JSON doesn't decode
    • Exit when (Failure) is returned while running multiple Flows from CLI
    • Cookie/Header .from_plugin didn't work after recent changes, this was fixed
    • Use RAIDERPATH environment variable
    Source code(tar.gz)
    Source code(zip)

  • v0.3.2(Dec 13, 2022)

    • Added Print.all Operation to print all HTTP data (request+response)
    • Add the option to run quoted hylang code as operation
    • Clean cache files and other unnecessary stuff from the final package
    Source code(tar.gz)
    Source code(zip)

  • v0.3.1(Dec 10, 2022)

  • v0.3.0(Dec 4, 2022)

    Besides outdated documentation, Raider is now ready to be considered a beta quality software. Many things have changed, and many are still being planned in the near future after the documentation gets updated. Raider started as a framework focused on testing and automating authentication processes, however it has evolved and now it can be used for all kinds of stateful HTTP processes.

    Some major things that have changed since last release are:

    • Raider now has a CLI interface (not fully complete)
    • Graph-like architecture, and there's no need to distinguish between authentication Flows and regular Flows
    • Logging added everywhere
    • New Plugins and Operations
    • No more special variables
    • Simplified Request definitions
    • Fixed many bugs and implemented many smaller features

    The documentation is still being worked on, so if you run into issues, you will have to figure it out from the source code, or wait a little until we update the documentation.

    Source code(tar.gz)
    Source code(zip)
Owner
OWASP
The OWASP Foundation
OWASP
GitHub Repository https://raiderauth.com/
Use this to create (admin) personal access token in gitlab database. Mainly used for automation.

gitlab-personal-access-token Ensure PAT is present in gitlab database. This tool is mainly used when you need to automate gitlab installation and conf

CINAQ Internet Technologies 1 Jan 30, 2022
Django-react-firebase-auth - A web app showcasing OAuth2.0 + OpenID Connect using Firebase, Django-Rest-Framework and React

Demo app to show Django Rest Framework working with Firebase for authentication

Teshank Raut 6 Oct 13, 2022
Includes Automation and Personal Projects

Python Models, and Connect Forclient & OpenCv projects Completed Automation** Alarm (S

tushar malhan 1 Jan 15, 2022
A simple Boilerplate to Setup Authentication using Django-allauth 🚀

A simple Boilerplate to Setup Authentication using Django-allauth, with a custom template for login and registration using django-crispy-forms.

Yasser Tahiri 13 May 13, 2022
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

Optiv Security 76 Jan 02, 2023
This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes

SyscallExtractorAnalyzer This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes Goals Teach

Truvis Thornton 18 Jul 09, 2022
Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Flask-User v1.0 Attention: Flask-User v1.0 is a Production/Stable version. The previous version is Flask-User v0.6. User Authentication and Management

Ling Thio 997 Jan 06, 2023
Basic auth for Django.

easy-basicauth WARNING! THIS LIBRARY IS IN PROGRESS! ANYTHING CAN CHANGE AT ANY MOMENT WITHOUT ANY NOTICE! Installation pip install easy-basicauth Usa

bichanna 2 Mar 25, 2022
Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

AuthenticationX 💫 Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ⚡

Yasser Tahiri 408 Jan 05, 2023
Python module for generating and verifying JSON Web Tokens

python-jwt Module for generating and verifying JSON Web Tokens. Note: From version 2.0.1 the namespace has changed from jwt to python_jwt, in order to

David Halls 210 Dec 24, 2022
Quick and simple security for Flask applications

Note This project is non maintained anymore. Consider the Flask-Security-Too project as an alternative. Flask-Security It quickly adds security featur

Matt Wright 1.6k Dec 19, 2022
蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。

蓝鲸用户管理 简体中文 | English 蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。 总览 架构设计 代码目录 功能 支持多层级的组织架构管理 支持通过多种方式同步数据:OpenLDAP、Microsoft Active Directory(MAD)

腾讯蓝鲸 35 Dec 14, 2022
A Python package, that allows you to acquire your RecNet authorization bearer token with your account credentials!

RecNet-Login This is a Python package, that allows you to acquire your RecNet bearer token with your account credentials! Installation Done via git: p

Jesse 6 Aug 18, 2022
A module making it easier to manage Discord oAuth with Quart

quart_discord A module making it easier to manage Discord oAuth with Quart Install pip install git+https://github.com/xelA/ 5 Oct 27, 2022

Python library for generating a Mastercard API compliant OAuth signature.

oauth1-signer-python Table of Contents Overview Compatibility References Usage Prerequisites Adding the Library to Your Project Importing the Code Loa

23 Aug 01, 2022
Authentication, JWT, and permission scoping for Sanic

Sanic JWT Sanic JWT adds authentication protection and endpoints to Sanic. It is both easy to get up and running, and extensible for the developer. It

Adam Hopkins 229 Jan 05, 2023
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

1k Dec 22, 2022
Local server that gives you your OAuth 2.0 tokens needed to interact with the Conta Azul's API

What's this? This is a django project meant to be run locally that gives you your OAuth 2.0 tokens needed to interact with Conta Azul's API Prerequisi

Fábio David Freitas 3 Apr 13, 2022
An enhanced permission system which support object permission in Django

django-permission Author Alisue [email protected] Supported pytho

Alisue 299 Dec 06, 2022
Simple two factor authemtication system, made by me.

Simple two factor authemtication system, made by me. Honestly, i don't even know How 2FAs work I just used my knowledge and did whatever i could. Send

Refined 5 Jan 04, 2022