Web authentication testing framework

Overview

What is this

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burp Suite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found through manual testing or by writing custom scripts that replicate the behaviour. Raider aims to make testing easier by providing an interface to interact with all the important elements found in modern authentication systems.

Note:

Raider is still a work in progress. Bugs and missing features are to be expected. If you find something that doesn't work as expected, open a GitHub issue and let us know. You can also join the community forum and start asking questions there.

Features

Raider aims to support most modern authentication systems. Here are some features that other tools don't offer:

  • Unlimited authentication steps
  • Unlimited inputs/outputs for each step
  • Ability to conditionally decide the next step
  • Running arbitrary operations when receiving the response
  • Easy to write custom operations and plugins

How does it work

Raider treats the authentication as a finite state machine. Each authentication step is a different state, with its own inputs and outputs. Those can be cookies, headers, CSRF tokens, or other pieces of information.
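The state-machine view described above, as an added sketch that is not Raider's own code or API. `AuthStep`, `run_flow`, `FakeApp` and the credentials are hypothetical names and constructed values; `FakeApp` stands in for a web application so the flow runs offline.

```python
import re
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

State = Dict[str, str]


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


class FakeApp:
    """Constructed stand-in for a web application, so the example runs offline."""

    def __init__(self, require_otp: bool) -> None:
        self.require_otp = require_otp
        self.csrf = secrets.token_hex(8)   # per-session anti-CSRF token
        self.sid = secrets.token_hex(8)    # session id issued on success

    def _session(self) -> Response:
        return Response(302, headers={"Set-Cookie": f"sid={self.sid}"})

    def handle(self, path: str, data: State) -> Response:
        if path == "/login" and not data:          # GET: serve the form
            return Response(200, body=f'<input name="csrf" value="{self.csrf}">')
        if path == "/login":                       # POST: check token, then password
            if data.get("csrf") != self.csrf:
                return Response(403, body="bad csrf")
            if data.get("password") != "constructed-password":
                return Response(401, body="bad credentials")
            return Response(200, body="otp required") if self.require_otp else self._session()
        if path == "/otp" and data.get("otp") == "000000":
            return self._session()
        return Response(401, body="denied")


@dataclass
class AuthStep:
    """One state: how to build the request, what to keep, where to go next."""
    path: str
    inputs: Callable[[State], State]
    outputs: Callable[[Response], State]
    next_step: Callable[[Response], Optional[str]]


def csrf_from_body(resp: Response) -> State:
    match = re.search(r'name="csrf" value="([0-9a-f]+)"', resp.body)
    return {"csrf": match.group(1)} if match else {}


def cookie_from_headers(resp: Response) -> State:
    name, sep, value = resp.headers.get("Set-Cookie", "").partition("=")
    return {name: value} if sep else {}


STEPS: Dict[str, AuthStep] = {
    "get_form": AuthStep("/login", lambda s: {}, csrf_from_body,
                         lambda r: "login" if r.status == 200 else None),
    # Conditional transition: visit the OTP state only if the app asks for it.
    "login": AuthStep("/login",
                      lambda s: {"username": s["username"], "password": s["password"],
                                 "csrf": s.get("csrf", "")},
                      cookie_from_headers,
                      lambda r: "otp" if r.body == "otp required" else None),
    "otp": AuthStep("/otp", lambda s: {"otp": s["otp"]}, cookie_from_headers,
                    lambda r: None),
}


def run_flow(app: FakeApp, state: State, start: str = "get_form",
             tamper: Optional[Callable[[str, State], State]] = None) -> List[str]:
    """Walk the state machine; `tamper` may rewrite a step's inputs before sending."""
    trace: List[str] = []
    current: Optional[str] = start
    while current is not None and len(trace) < 20:   # guard against cyclic graphs
        step = STEPS[current]
        data = step.inputs(state)
        if tamper is not None:
            data = tamper(current, data)
        resp = app.handle(step.path, data)
        state.update(step.outputs(resp))
        trace.append(current)
        current = step.next_step(resp)
    return trace


def authenticate(require_otp: bool, tamper=None) -> Tuple[List[str], State]:
    """Run the flow against a fresh FakeApp and return (visited states, final state)."""
    state = {"username": "alice", "password": "constructed-password", "otp": "000000"}
    return run_flow(FakeApp(require_otp), state, tamper=tamper), state


def forge_csrf(step: str, data: State) -> State:
    """Negative test: replace the CSRF token on the login request only."""
    return {**data, "csrf": "forged"} if step == "login" else data


if __name__ == "__main__":
    for otp, tamper in ((False, None), (True, None), (False, forge_csrf)):
        trace, state = authenticate(otp, tamper)
        print(trace, "session issued" if "sid" in state else "no session")
```

The third run is the kind of check the overview describes: one input field is changed on one step, and the expected result is that no session cookie ends up in the state.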

Each application needs its own configuration file for Raider to work. The configuration is written in Hylang. This language was chosen for several reasons, mainly because it's a Lisp dialect embedded in Python.

Using Lisp was necessary because authentication can get quite complex, and a static configuration file would not have been enough to cover all the details. Lisp makes it easy to combine code and data, which is exactly what was needed here.

Using a real programming language for the configuration file gives Raider a lot of power, and with great power comes great responsibility. Theoretically, one can write entire malware inside the application configuration file, so be careful about what gets executed and don't use configuration files from sources you don't trust. Raider will evaluate everything inside the .hy files, which means that if you're not careful you could shoot yourself in the foot and break something on your system.
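One way to triage a .hy file from someone else before letting anything evaluate it, as an added example that is not part of Raider. It reads the file as text only, lists what it imports and flags symbols from a watchlist; the watchlist, function names and both sample configurations are constructed assumptions.

```python
import re
from typing import Dict, List, Union

Form = Union[str, List["Form"]]

# Tokens of a Lisp-like source: comments, strings, brackets, everything else.
TOKEN = re.compile(r'''
    (?P<comment>;[^\n]*)
  | (?P<string>"(?:\\.|[^"\\])*")
  | (?P<open>[(\[{])
  | (?P<close>[)\]}])
  | (?P<atom>[^\s()\[\]{}";]+)
''', re.VERBOSE)

# Assumed watchlist for this sketch; extend it to suit your environment.
RISKY_MODULES = {"os", "subprocess", "socket", "shutil", "ctypes", "pickle", "importlib"}
RISKY_CALLS = {"eval", "exec", "compile", "__import__", "hy.eval", "open"}


def read_forms(source: str) -> List[Form]:
    """Parse the text into nested lists without evaluating any of it."""
    stack: List[List[Form]] = [[]]
    for match in TOKEN.finditer(source):
        kind, text = match.lastgroup, match.group()
        if kind == "comment":
            continue
        if kind == "open":
            child: List[Form] = []
            stack[-1].append(child)
            stack.append(child)
        elif kind == "close":
            if len(stack) == 1:
                raise ValueError("unbalanced closing bracket")
            stack.pop()
        elif kind == "string":
            stack[-1].append(text)              # quotes kept: marks it as data
        else:
            name = text.lstrip("'`~")           # drop quote/unquote prefixes
            if name:
                stack[-1].append(name)
    if len(stack) != 1:
        raise ValueError("unclosed bracket")
    return stack[0]


def imported_modules(form: List[Form]) -> List[str]:
    """Module names named directly in an (import ...) or (require ...) form."""
    modules, skip_alias = [], False
    for item in form[1:]:
        if skip_alias:
            skip_alias = False
        elif item == ":as":
            skip_alias = True
        elif isinstance(item, str) and item != "*" and not item.startswith((":", '"')):
            modules.append(item)
    return modules


def audit_config(source: str) -> Dict[str, List[str]]:
    """Return imported modules and watchlisted symbols found in the source."""
    report: Dict[str, List[str]] = {"imports": [], "flagged": []}

    def walk(form: Form) -> None:
        if isinstance(form, str):
            if form.startswith('"'):            # string literal, not a symbol
                return
            risky = form in RISKY_CALLS or form.split(".")[0] in RISKY_MODULES
            if risky and form not in report["flagged"]:
                report["flagged"].append(form)
            return
        if form and form[0] in ("import", "require"):
            report["imports"].extend(imported_modules(form))
        for child in form:
            walk(child)

    for top in read_forms(source):
        walk(top)
    return report


# Constructed samples; neither is a real Raider configuration.
SAMPLE_BENIGN = '''
; constructed sample; mentions eval only in this comment
(setv base-url "https://app.example.test")
(setv note "the text (import subprocess) inside a string is data")
'''

SAMPLE_SUSPECT = '''
(import os)
(import subprocess [run :as r])
(setv base-url "https://app.example.test")
(os.system "echo constructed")
(hy.eval (hy.read "(+ 1 1)"))
'''

if __name__ == "__main__":
    print(audit_config(SAMPLE_BENIGN))
    print(audit_config(SAMPLE_SUSPECT))
```

An empty report only means nothing on the watchlist appears by name; code that builds names at run time will not show up, so the file still needs to be read before it is run.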

Installation

Raider is available on PyPI:

$ pip3 install --user raider

Raider's philosophy

Raider was developed with the following goals:

  • To abstract authentication concepts using Python objects.
  • To support most modern web authentication features.
  • To make it easy to add new features for users.

And if you're looking at the code and willing to contribute, keep these in mind:

  • The simpler and cleaner the code, the better.
  • New features should be implemented as Plugins and Operations if possible.
  • The hyfiles should stay as minimal as possible, while still allowing the user to get creative. In the future parts of this code could be autogenerated.

The Documentation is available on Read the Docs.

Come talk to us in the community forum.

Comments
  • Bump importlib-metadata from 4.11.4 to 4.12.0

    Bumps importlib-metadata from 4.11.4 to 4.12.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v4.12.0

    • py-93259: Now raise ValueError when None or an empty string are passed to Distribution.from_name (and other callers).
    Commits
    • 516f2a7 Fix reference in docs build.
    • c8d7285 Merge pull request #391 from python/ghpython-93259/from-name-arg-validation-s...
    • 91b7149 Update changelog
    • c96dc1e Merge branch 'main' into ghpython-93259/from-name-arg-validation-simple
    • f52757d In Distribution.from_name, re-use discover.
    • 344a6ff Refactor Distribution.from_name to avoid return in loop and unnecessary None ...
    • eb19c64 In Distribution.from_name, require a non-empty string. Fixes python/cpython#9...
    • d3fe031 Add comment about the compatibility factor.
    • a4ae953 Add xfail test capturing new expectation.
    • e5b7d87 Merge pull request #390 from python/bugfix/noisy-coverage
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 5
  • Bump pillow from 9.0.1 to 9.1.1

    Bumps pillow from 9.0.1 to 9.1.1.

    Release notes

    Sourced from pillow's releases.

    9.1.1

    This release addresses several security problems.

    CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow.

    Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a SyntaxError instead, in turn raising a PIL.UnidentifiedImageError.

    9.1.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.1.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.1.1 (2022-05-17)

    • When reading past the end of a TGA scan line, reduce bytes left. CVE-2022-30595 [radarhere]

    • Do not open images with zero or negative height #6269 [radarhere]

    9.1.0 (2022-04-01)

    • Add support for multiple component transformation to JPEG2000 #5500 [scaramallion, radarhere, hugovk]

    • Fix loading FriBiDi on Alpine #6165 [nulano]

    • Added setting for converting GIF P frames to RGB #6150 [radarhere]

    • Allow 1 mode images to be inverted #6034 [radarhere]

    • Raise ValueError when trying to save empty JPEG #6159 [radarhere]

    • Always save TIFF with contiguous planar configuration #5973 [radarhere]

    • Connected discontiguous polygon corners #5980 [radarhere]

    • Ensure Tkinter hook is activated for getimage() #6032 [radarhere]

    • Use screencapture arguments to crop on macOS #6152 [radarhere]

    • Do not mark L mode JPEG as 1 bit in PDF #6151 [radarhere]

    • Added support for reading I;16R TIFF images #6132 [radarhere]

    • If an error occurs after creating a file, remove the file #6134 [radarhere]

    • Fixed calling DisplayViewer or XVViewer without a title #6136 [radarhere]

    ... (truncated)

    Commits
    • 0f44136 9.1.1 version bump
    • f66f5e1 pre-commit: update Black to fix Click
    • 0153b37 Skip test_realloc_overflow unless libtiff 4.0.4 or higher
    • 6fcd31b Added release notes for 9.1.1
    • c846cc8 When reading past the end of a scan line, reduce bytes left
    • 184b73e Do not open images with zero or negative height
    • 5d07022 Update CHANGES.rst [ci skip]
    • 1e0bc4a 9.1.0 version bump
    • 0606f02 Merge pull request #6168 from hugovk/release-notes
    • 703f54c Merge pull request #5500 from scaramallion/dev-j2k
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump pylint from 2.14.2 to 2.14.3

    Bumps pylint from 2.14.2 to 2.14.3.

    Commits
    • 680edeb Bump pylint to 2.14.3, update changelog
    • b05ac51 Pin colorama to lowest supported version (#6970)
    • 417e8c3 Fix bad-super-call for non-direct parents (#6956)
    • fb6be59 Fix undefined-variable for __class__ in inner methods (#6957)
    • b9ecb4d Fix false positive for useless-super-delegation for variadics (#6949)
    • See full diff in compare view

    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 4.1.1 to 4.1.3

    Bumps tox from 4.1.1 to 4.1.3.

    Release notes

    Sourced from tox's releases.

    4.1.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.2...4.1.3

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.3 (2023-01-02)

    Bugfixes - 4.1.3

    • Reuse package_env with --installpkg - by :user:q0w. (:issue:2442)
    • Fail more gracefully when pip :ref:install_command is empty - by :user:jayaddison. (:issue:2695)

    Improved Documentation - 4.1.3

    • Add breaking-change documentation for empty install_command values - by :user:jayaddison. (:issue:2695)

    Misc - 4.1.3

    • :issue:2796, :issue:2797

    v4.1.2 (2022-12-30)

    Bugfixes - 4.1.2

    • Fix --skip-missing-interpreters behaviour - by :user:q0w. (:issue:2649)
    • Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI environment - by :user:gaborbernat. (:issue:2685)
    • Fix extracting extras from markers with many extras - by :user:q0w. (:issue:2791)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.1.1 to 4.1.2

    Bumps tox from 4.1.1 to 4.1.2.

    Release notes

    Sourced from tox's releases.

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.2 (2022-12-30)

    Bugfixes - 4.1.2

    • Fix --skip-missing-interpreters behaviour - by :user:q0w. (:issue:2649)
    • Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI environment - by :user:gaborbernat. (:issue:2685)
    • Fix extracting extras from markers with many extras - by :user:q0w. (:issue:2791)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.0.2 to 4.0.3

    Bumps tox from 4.0.2 to 4.0.3.

    Release notes

    Sourced from tox's releases.

    4.0.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.2...4.0.3

    Changelog

    Sourced from tox's changelog.

    v4.0.3 (2022-12-08)

    Bugfixes - 4.0.3

    • Always set environment variable PYTHONIOENCODING to utf-8 to ensure tox works under Windows custom encodings - by :user:gaborbernat. (:issue:2422)
    • Ensure :ref:change_dir is created if does not exist before executing :ref:commands - by :user:gaborbernat. (:issue:2620)
    • Pass through NUMBER_OF_PROCESSORS on Windows as is needed for multiprocessing.cpu_count - by :user:gaborbernat. (:issue:2629)
    • The core tox configuration now contains host_python key showing the host python executable path - by :user:gaborbernat. (:issue:2630)

    Improved Documentation - 4.0.3

    • Document that space separator is no longer valid for the :ref:passenv and instead one should use comma - by :user:gaborbernat. (:issue:2615)
    • Document necessity to escape # within INI configuration - by :user:jugmac00. (:issue:2617)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.5 to 2.15.6

    Bumps pylint from 2.15.5 to 2.15.6.

    dependencies 
    opened by dependabot[bot] 1
  • Bump mypy from 0.961 to 0.990

    Bumps mypy from 0.961 to 0.990.

    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.5

    Bumps pylint from 2.15.3 to 2.15.5.

    Commits
    • bb17694 Merge pull request #7660 from cdce8p/release-2.15.5
    • fc7dc5e Bump pylint to 2.15.5, update changelog
    • 8def9a0 [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • 9c239c2 Sort examples/pylintrc for 2.15.5
    • 97ebe0b Sort --generate-rcfile output
    • 1579c43 Use relative paths in create_contributor_list.py (#7656)
    • c2d42ba Remove index from unnecessary-dunder-call check (#7650)
    • e8dc9b6 Swap plugin cache to pickle-able values when done (#7640)
    • b051fab Add regression test for no-member with empty AnnAssign (#7632)
    • 8cbc5a3 Upgrade astroid to 2.12.12 (#7649)
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump importlib-metadata from 4.12.0 to 5.0.0

    Bumps importlib-metadata from 4.12.0 to 5.0.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v5.0.0

    • #97, #284, #300: Removed compatibility shims for deprecated entry point interfaces.

    v4.13.0

    • #396: Added compatibility for PathDistributions originating from Python 3.8 and 3.9.
    Commits
    • 009ace3 Merge pull request #405 from python/feature/clean-entry-points
    • ac9ff95 Update documentation around removal of SelectableGroups.
    • 117d1b4 Disable flake8 due to incompatibility.
    • 2135490 Update changelog
    • 6ed01ae Merge removal commits into feature/clean-entry-points
    • dde2b9d Remove support for cast of iterable of entry points to dict. Ref #97.
    • 0c81964 Remove compatibility for EntryPoints.getitem by index.
    • 47544ce Remove DeprecatedList
    • 7e5bae4 Remove SelectableGroups
    • 9a6641b Merge pull request #401 from CAM-Gerlach/add-note-api-docs
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.4

    Bumps pylint from 2.15.3 to 2.15.4.

    Commits
    • 20af036 Bump pylint to 2.15.4, update changelog
    • 78f8423 [towncrier] Add whitespaces between fragment in towncrier (#7431)
    • 49e15ab Disambiguate between str and enum member args to typing.Literal (#7414)
    • 07f484f Upgrade astroid version following 2.12.11 release
    • fa63d9b [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • a258854 Raise syntax-error correctly on invalid encodings (#7553)
    • 43ecd7d Fix handling of -- as separator between positional args and flags (#7551)
    • 66ae21c Check py-version for async unnecessary-dunder-call (#7549)
    • 983d5fc Fix crash in modified_iterating checker for set defined as a class attrib...
    • 5c22a79 Prevent redefined-outer-name for if t.TYPE_CHECKING
    • Additional commits viewable in compare view

    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.2 to 4.2.3

    Bumps tox from 4.2.2 to 4.2.3.

    Release notes

    Sourced from tox's releases.

    4.2.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.2...4.2.3

    Changelog

    Sourced from tox's changelog.

    v4.2.3 (2023-01-04)

    Bugfixes - 4.2.3

    • devenv does not respect the specified path when the package is a wheel file - by :user:gaborbernat. (:issue:2815)
    • Require space after colon before factor filter expansion, unless it is the last character of the line - by :user:pdecat. (:issue:2822)
    dependencies 
    opened by dependabot[bot] 0
  • Create a raider REPL

    To preserve a session across runs, raider would need to have a REPL, and the user should have the ability to inspect and manipulate all individual elements.

    enhancement architecture 
    opened by danielonsecurity 0
Releases (v0.3.3)
  • v0.3.3 (Dec 27, 2022)

    Minor bugfix release.

    • Fix crash when JSON doesn't decode
    • Exit when (Failure) is returned while running multiple Flows from CLI
    • Cookie/Header .from_plugin didn't work after recent changes, this was fixed
    • Use RAIDERPATH environment variable
  • v0.3.2 (Dec 13, 2022)

    • Added Print.all Operation to print all HTTP data (request+response)
    • Add the option to run quoted hylang code as operation
    • Clean cache files and other unnecessary stuff from the final package
  • v0.3.1 (Dec 10, 2022)

  • v0.3.0 (Dec 4, 2022)

    Besides outdated documentation, Raider is now ready to be considered beta-quality software. Many things have changed, and many more are planned for the near future, after the documentation gets updated. Raider started as a framework focused on testing and automating authentication processes; however, it has evolved and can now be used for all kinds of stateful HTTP processes.

    Some major things that have changed since last release are:

    • Raider now has a CLI interface (not fully complete)
    • Graph-like architecture, and there's no need to distinguish between authentication Flows and regular Flows
    • Logging added everywhere
    • New Plugins and Operations
    • No more special variables
    • Simplified Request definitions
    • Fixed many bugs and implemented many smaller features

    The documentation is still being worked on, so if you run into issues, you will have to figure it out from the source code, or wait a little until we update the documentation.

Owner
OWASP
The OWASP Foundation
Simple two factor authentication system, made by me.

Simple two factor authentication system, made by me. Honestly, I don't even know how 2FAs work I just used my knowledge and did whatever I could. Send

Refined 5 Jan 04, 2022
Storefront - A store App developed using Django, RESTful API, JWT

Storefront A store App developed using Django, RESTful API, JWT. SQLite has been

Muhammad Algshy 1 Jan 07, 2022
Kube OpenID Connect is an application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster

Kube OpenID Connect is an application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster. Kubernetes supports OpenID Connect Tokens as a way to identify users wh

7 Nov 20, 2022
OpenStack Keystone auth plugin for HTTPie

httpie-keystone-auth OpenStack Keystone auth plugin for HTTPie. Installation $ pip install --upgrade httpie-keystone-auth You should now see keystone

Pavlo Shchelokovskyy 1 Oct 20, 2021
This is a Python library for accessing resources protected by OAuth 2.0.

This is a client library for accessing resources protected by OAuth 2.0. Note: oauth2client is now deprecated. No more features will be added to the l

Google APIs 787 Dec 13, 2022
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

OAuthLib - Python Framework for OAuth1 & OAuth2 *A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.5+

OAuthlib 2.5k Jan 02, 2023
Implementation of Supervised Contrastive Learning with AMP, EMA, SWA, and many other tricks

SupCon-Framework The repo is an implementation of Supervised Contrastive Learning. It's based on another implementation, but with several differences

Ivan Panshin 132 Dec 14, 2022
MikroTik Authentication POCs

Proofs of concept which successfully authenticate with MikroTik Winbox and MAC Telnet servers running on RouterOS version 6.45.1+

Margin Research 56 Dec 08, 2022
This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes

SyscallExtractorAnalyzer This script will pull and analyze syscalls in given application(s) allowing for easier security research purposes Goals Teach

Truvis Thornton 18 Jul 09, 2022
JWT Key Confusion PoC (CVE-2015-9235) Written for the Hack the Box challenge - Under Construction

JWT Key Confusion PoC (CVE-2015-9235) Written for the Hack the Box challenge - Under Construction This script performs a Java Web Token Key Confusion

Alex Fronteddu 1 Jan 13, 2022
Awesome Django authorization, without the database

rules rules is a tiny but powerful app providing object-level permissions to Django, without requiring a database. At its core, it is a generic framew

1.6k Dec 30, 2022
RSA Cryptography Authentication Proof-of-Concept

RSA Cryptography Authentication Proof-of-Concept This project was a request by Structured Programming lectures in Computer Science college. It runs wi

Dennys Marcos 1 Jan 22, 2022
Login qr line & qr image

login-qr-line-qr-image login qr line & qr image python3 & linux ubuntu api source: https://github.com/hert0t/BEAPI-BETA import httpx import qrcode fro

Alif Budiman 1 Dec 27, 2021
A JOSE implementation in Python

python-jose A JOSE implementation in Python Docs are available on ReadTheDocs. The JavaScript Object Signing and Encryption (JOSE) technologies - JSON

Michael Davis 1.2k Dec 28, 2022
Flask JWT Router is a Python library that adds authorised routes to a Flask app.

Read the docs: Flask-JWT-Router Flask JWT Router Flask JWT Router is a Python library that adds authorised routes to a Flask app. Both basic & Google'

Joe Gasewicz 52 Jan 03, 2023
API-key based security utilities for FastAPI, focused on simplicity of use

FastAPI simple security API key based security package for FastAPI, focused on simplicity of use: Full functionality out of the box, no configuration

Tolki 154 Jan 03, 2023
Simplifying third-party authentication for web applications.

Velruse is a set of authentication routines that provide a unified way to have a website user authenticate to a variety of different identity provider

Ben Bangert 253 Nov 14, 2022
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 03, 2023
Graphical Password Authentication System.

Graphical Password Authentication System. This is used to increase the protection/security of a website. Our system is divided into further 4 layers of protection. Each layer is totally different and

Hassan Shahzad 12 Dec 16, 2022
This script helps you log in to your LMS account and enter the currently running session

This script helps you log in to your LMS account and enter the currently running session, all in a second

Ali Ebrahimi 5 Sep 01, 2022