Web authentication testing framework

Related tags

Authenticationpythonsecurityauthenticationauthorizationhylangraiderauth
Overview

Raider logo

What is this

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found by manually testing it or writing custom scripts that replicate the behaviour. Raider aims to make testing easier, by providing the interface to interact with all important elements found in modern authentication systems.

Note:

Raider is still a work in progress. Bugs and missing features are to be expected. If you find something that doesn't work as expected, open a Github issue and let us know. You can also join the community forum and start asking questions there.

Features

Raider has the goal to support most of the modern authentication systems, and here are some features that other tools don't offer:

  • Unlimited authentication steps
  • Unlimited inputs/outputs for each step
  • Ability to conditionally decide the next step
  • Running arbitrary operations when receiving the response
  • Easy to write custom operations and plugins

How does it work

Raider treats the authentication as a finite state machine. Each authentication step is a different state, with its own inputs and outputs. Those can be cookies, headers, CSRF tokens, or other pieces of information.

Each application needs its own configuration file for Raider to work. The configuration is written in Hylang. The language choice was done for multiple reasons, mainly because it's a Lisp dialect embedded in Python.

Using Lisp was necessarily since sometimes the authentication can get quite complex, and using a static configuration file would've not been enough to cover all the details. Lisp makes it easy to combine code and data, which is exactly what was needed here.

By using a real programming language as a configuration file gives Raider a lot of power, and with great power comes great responsibility. Theoretically one can write entire malware inside the application configuration file, which means you should be careful what's being executed, and not to use configuration files from sources you don't trust. Raider will evaluate everything inside the .hy files, which means if you're not careful you could shoot yourself in the foot and break something on your system.

Installation

Raider is available on PyPi:

$ pip3 install --user raider

Raider's philosophy

Raider was developed with the following goals:

  • To abstract authentication concepts using Python objects.
  • To support most modern web authentication features.
  • To make it easy to add new features for users.

And if you're looking at the code and willing to contribute, keep those in mind:

  • The simpler and cleaner the code, the better.
  • New features should be implemented as Plugins and Operations if possible.
  • The hyfiles should stay as minimal as possible, while still allowing the user to get creative. In the future parts of this code could be autogenerated.

The Documentation is available on Read the Docs.

Come talk to us in the community forum.

Comments
  • Bump importlib-metadata from 4.11.4 to 4.12.0

    Bump importlib-metadata from 4.11.4 to 4.12.0

    Bumps importlib-metadata from 4.11.4 to 4.12.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v4.12.0

    • py-93259: Now raise ValueError when None or an empty string are passed to Distribution.from_name (and other callers).
    Commits
    • 516f2a7 Fix reference in docs build.
    • c8d7285 Merge pull request #391 from python/ghpython-93259/from-name-arg-validation-s...
    • 91b7149 Update changelog
    • c96dc1e Merge branch 'main' into ghpython-93259/from-name-arg-validation-simple
    • f52757d In Distribution.from_name, re-use discover.
    • 344a6ff Refactor Distribution.from_name to avoid return in loop and unnecessary None ...
    • eb19c64 In Distribution.from_name, require a non-empty string. Fixes python/cpython#9...
    • d3fe031 Add comment about the compatibility factor.
    • a4ae953 Add xfail test capturing new expectation.
    • e5b7d87 Merge pull request #390 from python/bugfix/noisy-coverage
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 5
  • Bump pillow from 9.0.1 to 9.1.1

    Bump pillow from 9.0.1 to 9.1.1

    Bumps pillow from 9.0.1 to 9.1.1.

    Release notes

    Sourced from pillow's releases.

    9.1.1

    This release addresses several security problems.

    CVE-2022-30595: When reading a TGA file with RLE packets that cross scan lines, Pillow reads the information past the end of the first line without deducting that from the length of the remaining file data. This vulnerability was introduced in Pillow 9.1.0, and can cause a heap buffer overflow.

    Opening an image with a zero or negative height has been found to bypass a decompression bomb check. This will now raise a SyntaxError instead, in turn raising a PIL.UnidentifiedImageError.

    9.1.0

    https://pillow.readthedocs.io/en/stable/releasenotes/9.1.0.html

    Changes

    ... (truncated)

    Changelog

    Sourced from pillow's changelog.

    9.1.1 (2022-05-17)

    • When reading past the end of a TGA scan line, reduce bytes left. CVE-2022-30595 [radarhere]

    • Do not open images with zero or negative height #6269 [radarhere]

    9.1.0 (2022-04-01)

    • Add support for multiple component transformation to JPEG2000 #5500 [scaramallion, radarhere, hugovk]

    • Fix loading FriBiDi on Alpine #6165 [nulano]

    • Added setting for converting GIF P frames to RGB #6150 [radarhere]

    • Allow 1 mode images to be inverted #6034 [radarhere]

    • Raise ValueError when trying to save empty JPEG #6159 [radarhere]

    • Always save TIFF with contiguous planar configuration #5973 [radarhere]

    • Connected discontiguous polygon corners #5980 [radarhere]

    • Ensure Tkinter hook is activated for getimage() #6032 [radarhere]

    • Use screencapture arguments to crop on macOS #6152 [radarhere]

    • Do not mark L mode JPEG as 1 bit in PDF #6151 [radarhere]

    • Added support for reading I;16R TIFF images #6132 [radarhere]

    • If an error occurs after creating a file, remove the file #6134 [radarhere]

    • Fixed calling DisplayViewer or XVViewer without a title #6136 [radarhere]

    ... (truncated)

    Commits
    • 0f44136 9.1.1 version bump
    • f66f5e1 pre-commit: update Black to fix Click
    • 0153b37 Skip test_realloc_overflow unless libtiff 4.0.4 or higher
    • 6fcd31b Added release notes for 9.1.1
    • c846cc8 When reading past the end of a scan line, reduce bytes left
    • 184b73e Do not open images with zero or negative height
    • 5d07022 Update CHANGES.rst [ci skip]
    • 1e0bc4a 9.1.0 version bump
    • 0606f02 Merge pull request #6168 from hugovk/release-notes
    • 703f54c Merge pull request #5500 from scaramallion/dev-j2k
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump pylint from 2.14.2 to 2.14.3

    Bump pylint from 2.14.2 to 2.14.3

    ⚠️ Dependabot is rebasing this PR ⚠️

    Rebasing might not happen immediately, so don't worry if this takes some time.

    Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

    Bumps pylint from 2.14.2 to 2.14.3.

    Commits
    • 680edeb Bump pylint to 2.14.3, update changelog
    • b05ac51 Pin colorama to lowest supported version (#6970)
    • 417e8c3 Fix bad-super-call for non-direct parents (#6956)
    • fb6be59 Fix undefined-variable for __class__ in inner methods (#6957)
    • b9ecb4d Fix false positive for useless-super-delegation for variadics (#6949)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 2
  • Bump tox from 4.1.1 to 4.1.3

    Bump tox from 4.1.1 to 4.1.3

    Bumps tox from 4.1.1 to 4.1.3.

    Release notes

    Sourced from tox's releases.

    4.1.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.2...4.1.3

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.3 (2023-01-02)

    Bugfixes - 4.1.3

    - Reuse package_env with ``--installpkg`` - by :user:`q0w`. (:issue:`2442`)
- Fail more gracefully when pip :ref:`install_command` is empty - by :user:`jayaddison`. (:issue:`2695`)

    Improved Documentation - 4.1.3

    • Add breaking-change documentation for empty install_command values - by :user:jayaddison. (:issue:2695)

    Misc - 4.1.3

    - :issue:`2796`, :issue:`2797`

    v4.1.2 (2022-12-30)
    

    Bugfixes - 4.1.2

    • Fix --skip-missing-interpreters behaviour - by :user:q0w. (:issue:2649)
    • Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI environment - by :user:gaborbernat. (:issue:2685)
    • Fix extracting extras from markers with many extras - by :user:q0w. (:issue:2791)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.1.1 to 4.1.2

    Bump tox from 4.1.1 to 4.1.2

    Bumps tox from 4.1.1 to 4.1.2.

    Release notes

    Sourced from tox's releases.

    4.1.2

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.1.1...4.1.2

    Changelog

    Sourced from tox's changelog.

    v4.1.2 (2022-12-30)

    Bugfixes - 4.1.2

    - Fix ``--skip-missing-interpreters`` behaviour - by :user:`q0w`. (:issue:`2649`)
- Restore tox 3 behaviour of showing the output of pip freeze, however now only active when running inside a CI
  environment - by :user:`gaborbernat`. (:issue:`2685`)
- Fix extracting extras from markers with many extras - by :user:`q0w`. (:issue:`2791`)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.0.2 to 4.0.3

    Bump tox from 4.0.2 to 4.0.3

    Bumps tox from 4.0.2 to 4.0.3.

    Release notes

    Sourced from tox's releases.

    4.0.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.0.2...4.0.3

    Changelog

    Sourced from tox's changelog.

    v4.0.3 (2022-12-08)

    Bugfixes - 4.0.3

    - Always set environment variable ``PYTHONIOENCODING`` to ``utf-8`` to ensure tox works under Windows custom encodings
  - by :user:`gaborbernat`. (:issue:`2422`)
- Ensure :ref:`change_dir` is created if does not exist before executing :ref:`commands` - by :user:`gaborbernat`. (:issue:`2620`)
- Pass through ``NUMBER_OF_PROCESSORS`` on Windows as is needed for ``multiprocessing.cpu_count`` -
  by :user:`gaborbernat`. (:issue:`2629`)
- The core tox configuration now contains ``host_python`` key showing the host python executable path -
  by :user:`gaborbernat`. (:issue:`2630`)

    Improved Documentation - 4.0.3

    • Document that space separator is no longer valid for the :ref:passenv and instead one should use comma - by :user:gaborbernat. (:issue:2615)
    • Document necessity to escape # within INI configuration - by :user:jugmac00. (:issue:2617)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.5 to 2.15.6

    Bump pylint from 2.15.5 to 2.15.6

    Bumps pylint from 2.15.5 to 2.15.6.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump mypy from 0.961 to 0.990

    Bump mypy from 0.961 to 0.990

    Bumps mypy from 0.961 to 0.990.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.5

    Bump pylint from 2.15.3 to 2.15.5

    Bumps pylint from 2.15.3 to 2.15.5.

    Commits
    • bb17694 Merge pull request #7660 from cdce8p/release-2.15.5
    • fc7dc5e Bump pylint to 2.15.5, update changelog
    • 8def9a0 [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • 9c239c2 Sort examples/pylintrc for 2.15.5
    • 97ebe0b Sort --generate-rcfile output
    • 1579c43 Use relative paths in create_contributor_list.py (#7656)
    • c2d42ba Remove index from unnecessary-dunder-call check (#7650)
    • e8dc9b6 Swap plugin cache to pickle-able values when done (#7640)
    • b051fab Add regression test for no-member with empty AnnAssign (#7632)
    • 8cbc5a3 Upgrade astroid to 2.12.12 (#7649)
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump importlib-metadata from 4.12.0 to 5.0.0

    Bump importlib-metadata from 4.12.0 to 5.0.0

    Bumps importlib-metadata from 4.12.0 to 5.0.0.

    Changelog

    Sourced from importlib-metadata's changelog.

    v5.0.0

    • #97, #284, #300: Removed compatibility shims for deprecated entry point interfaces.

    v4.13.0

    • #396: Added compatibility for PathDistributions originating from Python 3.8 and 3.9.
    Commits
    • 009ace3 Merge pull request #405 from python/feature/clean-entry-points
    • ac9ff95 Update documentation around removal of SelectableGroups.
    • 117d1b4 Disable flake8 due to incompatibility.
    • 2135490 Update changelog
    • 6ed01ae Merge removal commits into feature/clean-entry-points
    • dde2b9d Remove support for cast of iterable of entry points to dict. Ref #97.
    • 0c81964 Remove compatibility for EntryPoints.getitem by index.
    • 47544ce Remove DeprecatedList
    • 7e5bae4 Remove SelectableGroups
    • 9a6641b Merge pull request #401 from CAM-Gerlach/add-note-api-docs
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump pylint from 2.15.3 to 2.15.4

    Bump pylint from 2.15.3 to 2.15.4

    Bumps pylint from 2.15.3 to 2.15.4.

    Commits
    • 20af036 Bump pylint to 2.15.4, update changelog
    • 78f8423 [towncrier] Add whitespaces between fragment in towncrier (#7431)
    • 49e15ab Disambiguate between str and enum member args to typing.Literal (#7414)
    • 07f484f Upgrade astroid version following 2.12.11 release
    • fa63d9b [doc] Upgrade the contributors list and CONTRIBUTORS.txt
    • a258854 Raise syntax-error correctly on invalid encodings (#7553)
    • 43ecd7d Fix handling of -- as separator between positional args and flags (#7551)
    • 66ae21c Check py-version for async unnecessary-dunder-call (#7549)
    • 983d5fc Fix crash in modified_iterating checker for set defined as a class attrib...
    • 5c22a79 Prevent redefined-outer-name for if t.TYPE_CHECKING
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 1
  • Bump tox from 4.2.2 to 4.2.3

    Bump tox from 4.2.2 to 4.2.3

    Bumps tox from 4.2.2 to 4.2.3.

    Release notes

    Sourced from tox's releases.

    4.2.3

    What's Changed

    Full Changelog: https://github.com/tox-dev/tox/compare/4.2.2...4.2.3

    Changelog

    Sourced from tox's changelog.

    v4.2.3 (2023-01-04)

    Bugfixes - 4.2.3

    - ``devenv`` does not respect the specified path when the package is a wheel file - by :user:`gaborbernat`. (:issue:`2815`)
- Require space after colon before factor filter expansion, unless it is the last character of the line - by :user:`pdecat`. (:issue:`2822`)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies 
    opened by dependabot[bot] 0
  • Create a raider REPL

    Create a raider REPL

    To preserve a session across runs, raider would need to have a REPL, and the user should have the ability to inspect and manipulate all individual elements.

    enhancement architecture 
    opened by danielonsecurity 0
Releases(v0.3.3)

  • v0.3.3(Dec 27, 2022)

    Minor bugfix release.

    • Fix crash when JSON doesn't decode
    • Exit when (Failure) is returned while running multiple Flows from CLI
    • Cookie/Header .from_plugin didn't work after recent changes, this was fixed
    • Use RAIDERPATH environment variable
    Source code(tar.gz)
    Source code(zip)

  • v0.3.2(Dec 13, 2022)

    • Added Print.all Operation to print all HTTP data (request+response)
    • Add the option to run quoted hylang code as operation
    • Clean cache files and other unnecessary stuff from the final package
    Source code(tar.gz)
    Source code(zip)

  • v0.3.1(Dec 10, 2022)

  • v0.3.0(Dec 4, 2022)

    Besides outdated documentation, Raider is now ready to be considered a beta quality software. Many things have changed, and many are still being planned in the near future after the documentation gets updated. Raider started as a framework focused on testing and automating authentication processes, however it has evolved and now it can be used for all kinds of stateful HTTP processes.

    Some major things that have changed since last release are:

    • Raider now has a CLI interface (not fully complete)
    • Graph-like architecture, and there's no need to distinguish between authentication Flows and regular Flows
    • Logging added everywhere
    • New Plugins and Operations
    • No more special variables
    • Simplified Request definitions
    • Fixed many bugs and implemented many smaller features

    The documentation is still being worked on, so if you run into issues, you will have to figure it out from the source code, or wait a little until we update the documentation.

    Source code(tar.gz)
    Source code(zip)
Owner
OWASP
The OWASP Foundation
OWASP
GitHub Repository https://raiderauth.com/
Script that provides your TESLA access_token and refresh_token

TESLA tokens This script helps you get your TESLA access_token and refresh_token in order to connect to third party applications (Teslamate, TeslaFi,

Bun-Ny TAN 3 Apr 28, 2022
Out-of-the-box support register, sign in, email verification and password recovery workflows for websites based on Django and MongoDB

Using djmongoauth What is it? djmongoauth provides out-of-the-box support for basic user management and additional operations including user registrat

hao 3 Oct 21, 2021
Authware API wrapper for Python 3.5+

AuthwarePy Asynchronous wrapper for Authware in Python 3.5+ View our documentation 📲 Installation Run this to install the library via pip: pip instal

Authware 3 Feb 09, 2022
Connect-4-AI - AI that plays Connect-4 using the minimax algorithm

Connect-4-AI Brief overview I coded up the Connect-4 (or four-in-a-row) game in

Favour Okeke 1 Feb 15, 2022
A fully tested, abstract interface to creating OAuth clients and servers.

Note: This library implements OAuth 1.0 and not OAuth 2.0. Overview python-oauth2 is a python oauth library fully compatible with python versions: 2.6

Joe Stump 3k Jan 02, 2023
An extension of django rest framework, providing a configurable password reset strategy

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022
Some scripts to utilise device code authorization for phishing.

OAuth Device Code Authorization Phishing Some scripts to utilise device code authorization for phishing. High level overview as per the instructions a

Daniel Underhay 6 Oct 03, 2022
it's a Django application to register and authenticate users using phone number.

django-phone-auth It's a Django application to register and authenticate users using phone number. CustomUser model created using AbstractUser class.

MsudD 4 Nov 29, 2022
Python library for generating a Mastercard API compliant OAuth signature.

oauth1-signer-python Table of Contents Overview Compatibility References Usage Prerequisites Adding the Library to Your Project Importing the Code Loa

23 Aug 01, 2022
Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).

Welcome to Corsair_scan Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS) misconfigurations. CORS is a mechanism that allow

Santander Security Research 116 Nov 09, 2022
Simple Login - Login Extension for Flask - maintainer @cuducos

Login Extension for Flask The simplest way to add login to flask! Top Contributors Add yourself, send a PR! How it works First install it from PyPI. p

Flask Extensions 181 Jan 01, 2023
This is a Token tool that gives you many options to harm the account.

Trabis-Token-Tool This is a Token tool that gives you many options to harm the account. Utilities With this tools you can do things as : ·Delete all t

Steven 2 Feb 13, 2022
JSON Web Token Authentication support for Django REST Framework

REST framework JWT Auth JSON Web Token Authentication support for Django REST Framework Overview This package provides JSON Web Token Authentication s

Styria Digital Development 178 Jan 02, 2023
Django Authetication with Twitch.

Django Twitch Auth Dependencies Install requests if not installed pip install requests Installation Install using pip pip install django_twitch_auth A

Leandro Lopes Bueno 1 Jan 02, 2022
MikroTik Authentication POCs

Proofs of concept which successfully authenticate with MikroTik Winbox and MAC Telnet servers running on RouterOS version 6.45.1+

Margin Research 56 Dec 08, 2022
Django server for Travel Mate (Project: nomad)

Travel Mate Server (Project: Nomad) Django 2.0 server for Travel Mate Contribute For new feature request in the app, open a new feature request on the

Travel Mate 41 May 29, 2022
Storefront - A store App developed using Django, RESTFul API, JWT

Storefront A store App developed using Django, RESTFul API, JWT. SQLite has been

Muhammad Algshy 1 Jan 07, 2022
Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

AuthenticationX 💫 Ready-to-use and customizable Authentications and Oauth2 management for FastAPI ⚡

Yasser Tahiri 408 Jan 05, 2023
Two factor authentication system using azure services and python language and its api's

FUTURE READY TALENT VIRTUAL INTERSHIP PROJECT PROJECT NAME - TWO FACTOR AUTHENTICATION SYSTEM Resources used: * Azure functions(python)

BHUSHAN SATISH DESHMUKH 1 Dec 10, 2021
A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

OAuthLib - Python Framework for OAuth1 & OAuth2 *A generic, spec-compliant, thorough implementation of the OAuth request-signing logic for Python 3.5+

OAuthlib 2.5k Jan 01, 2023