Web authentication testing framework

Related tags

Authenticationpythonsecurityauthenticationauthorizationhylangraiderauth
Overview

Raider logo

What is this

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found by manually testing it or writing custom scripts that replicate the behaviour. Raider aims to make testing easier, by providing the interface to interact with all important elements found in modern authentication systems.

Note:

Raider is still a work in progress. Bugs and missing features are to be expected. If you find something that doesn't work as expected, open a Github issue and let us know. You can also join the community forum and start asking questions there.

Features

Raider has the goal to support most of the modern authentication systems, and here are some features that other tools don't offer:

  • Unlimited authentication steps
  • Unlimited inputs/outputs for each step
  • Ability to conditionally decide the next step
  • Running arbitrary operations when receiving the response
  • Easy to write custom operations and plugins

How does it work

Raider treats the authentication as a finite state machine. Each authentication step is a different state, with its own inputs and outputs. Those can be cookies, headers, CSRF tokens, or other pieces of information.

Each application needs its own configuration file for Raider to work. The configuration is written in Hylang. The language choice was done for multiple reasons, mainly because it's a Lisp dialect embedded in Python.

Using Lisp was necessarily since sometimes the authentication can get quite complex, and using a static configuration file would've not been enough to cover all the details. Lisp makes it easy to combine code and data, which is exactly what was needed here.

By using a real programming language as a configuration file gives Raider a lot of power, and with great power comes great responsibility. Theoretically one can write entire malware inside the application configuration file, which means you should be careful what's being executed, and not to use configuration files from sources you don't trust. Raider will evaluate everything inside the .hy files, which means if you're not careful you could shoot yourself in the foot and break something on your system.

Installation

Raider is available on PyPi:

$ pip3 install --user raider

Raider's philosophy

Raider was developed with the following goals:

  • To abstract authentication concepts using Python objects.
  • To support most modern web authentication features.
  • To make it easy to add new features for users.

And if you're looking at the code and willing to contribute, keep those in mind:

  • The simpler and cleaner the code, the better.
  • New features should be implemented as Plugins and Operations if possible.
  • The hyfiles should stay as minimal as possible, while still allowing the user to get creative. In the future parts of this code could be autogenerated.

The Documentation is available on Read the Docs.

Come talk to us in the community forum.

Comments
  • Bump importlib-metadata from 4.11.4 to 4.12.0

    Bump importlib-metadata from 4.11.4 to 4.12.0

    Bumps importlib-metadata from 4.11.4 to 4.12.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v4.12.0

    • py-93259: Now raise ValueError when None or an empty string are passed to Distribution.from_name (and other callers).
    Commits
    • 516f2a7 Fix reference in docs build.
    • c8d7285 Merge pull request #391 from python/ghpython-93259/from-name-arg-validation-s...
    • 91b7149 Update changelog
    • c96dc1e Merge branch 'main' into ghpython-93259/from-name-arg-validation-simple
    • f52757d In Distribution.from_name, re-use discover.
    • 344a6ff Refactor Distribution.from_name to avoid return in loop and unnecessary None ...
    • eb19c64 In Distribution.from_name, require a non-empty string. Fixes python/cpython#9...
    • d3fe031 Add comment about the compatibility factor.
    • a4ae953 Add xfail test capturing new expectation.
    • e5b7d87 Merge pull request #390 from python/bugfix/noisy-coverage
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 5
  • Bump pillow from 9.0.1 to 9.1.1

    Bump pillow from 9.0.1 to 9.1.1

    Bumps pillow from 9.0.1 to 9.1.1.

    Release notes

    Sourced from pillow's releases.

    9.1.1

    This release addresses several security problems.

    CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow.

    Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a SyntaxError instead, in turn raising a PIL.UnidentifiedImageError.

    9.1.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.1.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.1.1 (2022-05-17)

    • When reading past the end of a TGA scan line, reduce bytes left. CVE-2022-30595 [radarhere]

    • Do not open images with zero or negative height #6269 [radarhere]

    9.1.0 (2022-04-01)

    • Add support for multiple component transformation to JPEG2000 #5500 [scaramallion, radarhere, hugovk]

    • Fix loading FriBiDi on Alpine #6165 [nulano]

    • Added setting for converting GIF P frames to RGB #6150 [radarhere]

    • Allow 1 mode images to be inverted #6034 [radarhere]

    • Raise ValueError when trying to save empty JPEG #6159 [radarhere]

    • Always save TIFF with contiguous planar configuration #5973 [radarhere]

    • Connected discontiguous polygon corners #5980 [radarhere]

    • Ensure Tkinter hook is activated for getimage() #6032 [radarhere]

    • Use screencapture arguments to crop on macOS #6152 [radarhere]

    • Do not mark L mode JPEG as 1 bit in PDF #6151 [radarhere]

    • Added support for reading I;16R TIFF images #6132 [radarhere]

    • If an error occurs after creating a file, remove the file #6134 [radarhere]

    • Fixed calling DisplayViewer or XVViewer without a title #6136 [radarhere]

    ... (truncated)

    Commits
    • 0f44136 9.1.1 version bump
    • f66f5e1 pre-commit: update Black to fix Click
    • 0153b37 Skip test_realloc_overflow unless libtiff 4.0.4 or higher
    • 6fcd31b Added release notes for 9.1.1
    • c846cc8 When reading past the end of a scan line, reduce bytes left
    • 184b73e Do not open images with zero or negative height
    • 5d07022 Update CHANGES.rst [ci skip]
    • 1e0bc4a 9.1.0 version bump
    • 0606f02 Merge pull request #6168 from hugovk/release-notes
    • 703f54c Merge pull request #5500 from scaramallion/dev-j2k
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump pylint from 2.14.2 to 2.14.3

    Bump pylint from 2.14.2 to 2.14.3

    ⚠️ Dependabot is rebasing this PR ⚠️

    Rebasing might not happen immediately, so don't worry if this takes some time.

    Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

    Bumps pylint from 2.14.2 to 2.14.3.

    Commits
    • 680edeb Bump pylint to 2.14.3, update changelog
    • b05ac51 Pin colorama to lowest supported version (#6970)
    • 417e8c3 Fix bad-super-call for non-direct parents (#6956)
    • fb6be59 Fix undefined-variable for __class__ in inner methods (#6957)
    • b9ecb4d Fix false positive for useless-super-delegation for variadics (#6949)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 4.1.1 to 4.1.3

    Bump tox from 4.1.1 to 4.1.3

    Bumps tox from 4.1.1 to 4.1.3.

    Release notes

    Sourced from tox's releases.

    4.1.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.2...4.1.3

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.3 (2023-01-02)

    Bugfixes - 4.1.3

    - Reuse package_env with ``--installpkg`` - by :user:`q0w`. (:issue:`2442`)
- Fail more gracefully when pip :ref:`install_command` is empty - by :user:`jayaddison`. (:issue:`2695`)

    Improved Documentation - 4.1.3

    • Add breaking-change documentation for empty install_command values - by :user:jayaddison. (:issue:2695)

    Misc - 4.1.3

    - :issue:`2796`, :issue:`2797`

    v4.1.2 (2022-12-30)
    

    Bugfixes - 4.1.2

    • Fix --skip-missing-interpreters behaviour - by :user:q0w. (:issue:2649)
    • Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI environment - by :user:gaborbernat. (:issue:2685)
    • Fix extracting extras from markers with many extras - by :user:q0w. (:issue:2791)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.1.1 to 4.1.2

    Bump tox from 4.1.1 to 4.1.2

    Bumps tox from 4.1.1 to 4.1.2.

    Release notes

    Sourced from tox's releases.

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.2 (2022-12-30)

    Bugfixes - 4.1.2

    - Fix ``--skip-missing-interpreters`` behaviour - by :user:`q0w`. (:issue:`2649`)
- Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI
  environment - by :user:`gaborbernat`. (:issue:`2685`)
- Fix extracting extras from markers with many extras - by :user:`q0w`. (:issue:`2791`)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.0.2 to 4.0.3

    Bump tox from 4.0.2 to 4.0.3

    Bumps tox from 4.0.2 to 4.0.3.

    Release notes

    Sourced from tox's releases.

    4.0.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.2...4.0.3

    Changelog

    Sourced from tox's changelog.

    v4.0.3 (2022-12-08)

    Bugfixes - 4.0.3

    - Always set environment variable ``PYTHONIOENCODING`` to ``utf-8`` to ensure tox works under Windows custom encodings
  - by :user:`gaborbernat`. (:issue:`2422`)
- Ensure :ref:`change_dir` is created if does not exist before executing :ref:`commands` - by :user:`gaborbernat`. (:issue:`2620`)
- Pass through ``NUMBER_OF_PROCESSORS`` on Windows as is needed for ``multiprocessing.cpu_count`` -
  by :user:`gaborbernat`. (:issue:`2629`)
- The core tox configuration now contains ``host_python`` key showing the host python executable path -
  by :user:`gaborbernat`. (:issue:`2630`)

    Improved Documentation - 4.0.3

    • Document that space separator is no longer valid for the :ref:passenv and instead one should use comma - by :user:gaborbernat. (:issue:2615)
    • Document necessity to escape # within INI configuration - by :user:jugmac00. (:issue:2617)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.5 to 2.15.6

    Bump pylint from 2.15.5 to 2.15.6

    Bumps pylint from 2.15.5 to 2.15.6.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump mypy from 0.961 to 0.990

    Bump mypy from 0.961 to 0.990

    Bumps mypy from 0.961 to 0.990.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.5

    Bump pylint from 2.15.3 to 2.15.5

    Bumps pylint from 2.15.3 to 2.15.5.

    Commits
    • bb17694 Merge pull request #7660 from cdce8p/release-2.15.5
    • fc7dc5e Bump pylint to 2.15.5, update changelog
    • 8def9a0 [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • 9c239c2 Sort examples/pylintrc for 2.15.5
    • 97ebe0b Sort --generate-rcfile output
    • 1579c43 Use relative paths in create_contributor_list.py (#7656)
    • c2d42ba Remove index from unnecessary-dunder-call check (#7650)
    • e8dc9b6 Swap plugin cache to pickle-able values when done (#7640)
    • b051fab Add regression test for no-member with empty AnnAssign (#7632)
    • 8cbc5a3 Upgrade astroid to 2.12.12 (#7649)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump importlib-metadata from 4.12.0 to 5.0.0

    Bump importlib-metadata from 4.12.0 to 5.0.0

    Bumps importlib-metadata from 4.12.0 to 5.0.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v5.0.0

    • #97, #284, #300: Removed compatibility shims for deprecated entry point interfaces.

    v4.13.0

    • #396: Added compatibility for PathDistributions originating from Python 3.8 and 3.9.
    Commits
    • 009ace3 Merge pull request #405 from python/feature/clean-entry-points
    • ac9ff95 Update documentation around removal of SelectableGroups.
    • 117d1b4 Disable flake8 due to incompatibility.
    • 2135490 Update changelog
    • 6ed01ae Merge removal commits into feature/clean-entry-points
    • dde2b9d Remove support for cast of iterable of entry points to dict. Ref #97.
    • 0c81964 Remove compatibility for EntryPoints.getitem by index.
    • 47544ce Remove DeprecatedList
    • 7e5bae4 Remove SelectableGroups
    • 9a6641b Merge pull request #401 from CAM-Gerlach/add-note-api-docs
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.4

    Bump pylint from 2.15.3 to 2.15.4

    Bumps pylint from 2.15.3 to 2.15.4.

    Commits
    • 20af036 Bump pylint to 2.15.4, update changelog
    • 78f8423 [towncrier] Add whitespaces between fragment in towncrier (#7431)
    • 49e15ab Disambiguate between str and enum member args to typing.Literal (#7414)
    • 07f484f Upgrade astroid version following 2.12.11 release
    • fa63d9b [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • a258854 Raise syntax-error correctly on invalid encodings (#7553)
    • 43ecd7d Fix handling of -- as separator between positional args and flags (#7551)
    • 66ae21c Check py-version for async unnecessary-dunder-call (#7549)
    • 983d5fc Fix crash in modified_iterating checker for set defined as a class attrib...
    • 5c22a79 Prevent redefined-outer-name for if t.TYPE_CHECKING
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.2 to 4.2.3

    Bump tox from 4.2.2 to 4.2.3

    Bumps tox from 4.2.2 to 4.2.3.

    Release notes

    Sourced from tox's releases.

    4.2.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.2...4.2.3

    Changelog

    Sourced from tox's changelog.

    v4.2.3 (2023-01-04)

    Bugfixes - 4.2.3

    - ``devenv`` does not respect the specified path when the package is a wheel file - by :user:`gaborbernat`. (:issue:`2815`)
- Require space after colon before factor filter expansion, unless it is the last character of the line - by :user:`pdecat`. (:issue:`2822`)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Create a raider REPL

    Create a raider REPL

    To preserve a session across runs, raider would need to have a REPL, and the user should have the ability to inspect and manipulate all individual elements.

    enhancement architecture 
    opened by danielonsecurity 0
Releases(v0.3.3)

  • v0.3.3(Dec 27, 2022)

    Minor bugfix release.

    • Fix crash when JSON doesn't decode
    • Exit when (Failure) is returned while running multiple Flows from CLI
    • Cookie/Header .from_plugin didn't work after recent changes, this was fixed
    • Use RAIDERPATH environment variable
    Source code(tar.gz)
    Source code(zip)

  • v0.3.2(Dec 13, 2022)

    • Added Print.all Operation to print all HTTP data (request+response)
    • Add the option to run quoted hylang code as operation
    • Clean cache files and other unnecessary stuff from the final package
    Source code(tar.gz)
    Source code(zip)

  • v0.3.1(Dec 10, 2022)

  • v0.3.0(Dec 4, 2022)

    Besides outdated documentation, Raider is now ready to be considered a beta quality software. Many things have changed, and many are still being planned in the near future after the documentation gets updated. Raider started as a framework focused on testing and automating authentication processes, however it has evolved and now it can be used for all kinds of stateful HTTP processes.

    Some major things that have changed since last release are:

    • Raider now has a CLI interface (not fully complete)
    • Graph-like architecture, and there's no need to distinguish between authentication Flows and regular Flows
    • Logging added everywhere
    • New Plugins and Operations
    • No more special variables
    • Simplified Request definitions
    • Fixed many bugs and implemented many smaller features

    The documentation is still being worked on, so if you run into issues, you will have to figure it out from the source code, or wait a little until we update the documentation.

    Source code(tar.gz)
    Source code(zip)
Owner
OWASP
The OWASP Foundation
OWASP
GitHub Repository https://raiderauth.com/
The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.

Authlib The ultimate Python library in building OAuth and OpenID Connect servers. JWS, JWK, JWA, JWT are included. Authlib is compatible with Python2.

Hsiaoming Yang 3.4k Jan 04, 2023
Customizable User Authorization & User Management: Register, Confirm, Login, Change username/password, Forgot password and more.

Flask-User v1.0 Attention: Flask-User v1.0 is a Production/Stable version. The previous version is Flask-User v0.6. User Authentication and Management

Ling Thio 997 Jan 06, 2023
Flask App With Login

Flask App With Login by FranciscoCharles Este projeto basico é o resultado do estudos de algumas funcionalidades do micro framework Flask do Python. O

Charles 3 Nov 14, 2021
Library - Recent and favorite documents

Thingy Thingy is used to quickly access recent and favorite documents. It's an XApp so it can work in any distribution and many desktop environments (

Linux Mint 23 Sep 11, 2022
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 03, 2023
This script helps you log in to your LMS account and enter the currently running session

This script helps you log in to your LMS account and enter the currently running session, all in a second

Ali Ebrahimi 5 Sep 01, 2022
A flask extension for managing permissions and scopes

Flask-Pundit A simple flask extension to organize resource authorization and scoping. This extension is heavily inspired by the ruby Pundit library. I

Anurag Chaudhury 49 Dec 23, 2022
CheckList-Api - Created with django rest framework and JWT(Json Web Tokens for Authentication)

CheckList Api created with django rest framework and JWT(Json Web Tokens for Aut

shantanu nimkar 1 Jan 24, 2022
Simple two factor authemtication system, made by me.

Simple two factor authemtication system, made by me. Honestly, i don't even know How 2FAs work I just used my knowledge and did whatever i could. Send

Refined 5 Jan 04, 2022
Script that provides your TESLA access_token and refresh_token

TESLA tokens This script helps you get your TESLA access_token and refresh_token in order to connect to third party applications (Teslamate, TeslaFi,

Bun-Ny TAN 3 Apr 28, 2022
Authentication, JWT, and permission scoping for Sanic

Sanic JWT Sanic JWT adds authentication protection and endpoints to Sanic. It is both easy to get up and running, and extensible for the developer. It

Adam Hopkins 229 Jan 05, 2023
Foundation Auth Proxy is an abstraction on Foundations' authentication layer and is used to authenticate requests to Atlas's REST API.

foundations-auth-proxy Setup By default the server runs on http://0.0.0.0:5558. This can be changed via the arguments. Arguments: '-H' or '--host': ho

Dessa - Open Source 2 Jul 03, 2020
Use this to create (admin) personal access token in gitlab database. Mainly used for automation.

gitlab-personal-access-token Ensure PAT is present in gitlab database. This tool is mainly used when you need to automate gitlab installation and conf

CINAQ Internet Technologies 1 Jan 30, 2022
Basic auth for Django.

easy-basicauth WARNING! THIS LIBRARY IS IN PROGRESS! ANYTHING CAN CHANGE AT ANY MOMENT WITHOUT ANY NOTICE! Installation pip install easy-basicauth Usa

bichanna 2 Mar 25, 2022
Authentication testing framework

What is this This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticate

DigeeX 140 Jul 06, 2022
Authentication with fastapi and jwt cd realistic

Authentication with fastapi and jwt cd realistic Dependencies bcrypt==3.1.7 data

Fredh Macau 1 Jan 04, 2022
Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

AuthenticationX 💫 Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ⚡

Yasser Tahiri 408 Jan 05, 2023
An enhanced permission system which support object permission in Django

django-permission Author Alisue [email protected] Supported pytho

Alisue 299 Dec 06, 2022
python implementation of JSON Web Signatures

python-jws 🚨 This is Unmaintained 🚨 This library is unmaintained and you should probably use For histo

Brian J Brennan 57 Apr 18, 2022
python-social-auth and oauth2 support for django-rest-framework

Django REST Framework Social OAuth2 This module provides OAuth2 social authentication support for applications in Django REST Framework. The aim of th

1k Dec 22, 2022