This walks you through authentication testing like you're following an OWASP checklist: password policy checks, brute forcing with Hydra and Burp, session token analysis, MFA bypass techniques, and password reset vulnerabilities. It's got practical commands and HTTP examples for each phase, from credential stuffing to session fixation tests. The API version downgrade attack for bypassing OTP rate limits is a nice touch. You'd use this during pentests or security assessments when you need structured methodology rather than scattered attack attempts. Assumes you already know Burp Suite and have authorization to test, because it's pretty aggressive stuff. Heavy on reconnaissance and exploitation workflows, light on remediation depth.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill broken-authentication-testing