Comprehensive playbook for testing authentication mechanisms during security assessments. Covers the full spectrum: SQL injection login bypasses, password reset token flaws, account enumeration via timing and error messages, brute-force evasion techniques, and MFA bypass vectors like session cookies set before 2FA completion. Also includes practical credential testing strategies with service-specific default lists and port prioritization. The structure is methodical: each section has concrete payloads and test cases you can run immediately. The focus is the login flow itself, not JWT or OAuth token attacks, which are handled separately. Good reference when you need to systematically test auth controls and document findings.
npx skills add https://github.com/yaklang/hack-skills --skill authbypass-authentication-flaws