Authentication testing framework

Related tags

Authenticationsecurityauthenticationhylangdigeex
Overview

What is this

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found by manually testing it or writing custom scripts that replicate the behaviour. Raider aims to make testing easier, by providing the interface to interact with all important elements found in modern authentication systems.

Features

Raider has the goal to support most of the modern authentication systems, and for now it has the following features:

  • Unlimited authentication steps
  • Unlimited inputs/outputs for each step
  • Running arbitrary operations when receiving the response
  • Testing under multiple users
  • Writing custom operations and plugins

How does it work

Raider treats the authentication as a finite state machine. Each authentication step is a different state, with its own inputs and outputs. Those can be cookies, headers, CSRF tokens, or other pieces of information.

Each application needs its own configuration file for Raider to work. The configuration is written in Hylang. The language choice was done for multiple reasons, mainly because it's a Lisp dialect embedded in Python.

Using Lisp was necessarily since sometimes the authentication can get quite complex, and using a static configuration file would've not been enough to cover all the details. Lisp makes it easy to combine code and data, which is exactly what was needed here.

By using a real programming language as a configuration file gives Raider a lot of power, and with great power comes great responsibility. Theoretically one can write entire malware inside the application configuration file, which means you should be careful what's being executed, and not to use configuration files from sources you don't trust. Raider will evaluate everything inside the .hy files, which means if you're not careful you could shoot yourself in the foot and break something on your system.

Installation

Raider is available on PyPi:

$ pip3 install --user raider

The Documentation is available on Read the Docs.

Comments
  • Improve Json plugin

    Improve Json plugin

    Json plugin at the moment is quite rudimentary, and doesn't allow extracting the fields inside easily. This needs to be improved for the tool to be usable for applications which use json

    enhancement 
    opened by danielonsecurity 1
  • Create an object to deal with POST bodies

    Create an object to deal with POST bodies

    At the moment Raider only sends the bodies of POST requests in URL encoded form. This is not enough. Creating a new object to allow sending the data in JSON or other formats is necessary.

    enhancement 
    opened by danielonsecurity 1
  • Build request templates

    Build request templates

    Create a new class to hold templates of requests. Those should be used when needing to define multiple similar-looking flows. Instead of redefining each time the same thing with little differences, it'd make the hyfiles cleaner if templates were allowed.

    enhancement 
    opened by danielonsecurity 0
  • Publish to Pypi

    Publish to Pypi

    To make it easier to install the application, it needs to be published on pypi so users can just use pip install and not have to deal with the source.

    enhancement 
    opened by danielonsecurity 0
  • Move input/output classes to plugins

    Move input/output classes to plugins

    Now there's the modules.py file which contain classes that aren't really modules. Cookie and Header classes also act as inputs/outputs. After some brainstorming, I decided to put them all together and move CookieStore and HeaderStore to structures. Everything else that acts as an input and/or output for a Flow will be defined as a Plugin.

    enhancement 
    opened by danielonsecurity 0
  • Allow more than one action to be executed in existing operations

    Allow more than one action to be executed in existing operations

    For example:

    (Grep
  :regex "TWO_FA_REQUIRED"
  :action
  (NextStage "multi_factor")
  :otherwise
  (NextStage "get_access_token"))

    Instead of having only one allowed action like the NextStage here, it would be useful to add more than one, maybe in a list.

    enhancement 
    opened by danielonsecurity 0
  • Improve Headers

    Improve Headers

    For now the Header class is rudimentary, and Basicauth/Bearerauth objects are defined to handle the authentication. Those two should be merged in the Header class somehow. So the goal is to make Header more flexible.

    bug 
    opened by danielonsecurity 0
  • Save and load existing sessions

    Save and load existing sessions

    Instead of authenticating every time from the beginning, build a feature that will allow the user to save the session data and load them later on demand.

    enhancement 
    opened by danielonsecurity 0
  • Improve PostBody to work recursively

    Improve PostBody to work recursively

    At the moment Raider crashes when dealing with JSON data in the PostBody when some of the nested data is a plugin. This is because only the high level plugins are processed in the JSON body. To solve this, the entire JSON body needs to be parsed so that the plugins nested inside other data structures get processed as well.

    opened by danielonsecurity 0
  • Fix character encoding for Basic Auth

    Fix character encoding for Basic Auth

    For now the basic authentication probably works only when ASCII encoding is used. Should default to ISO-8859-1 and use UTF-8 when explicitly requested by the server (see https://datatracker.ietf.org/doc/html/rfc7617).

    bug 
    opened by danielonsecurity 0
  • Manage and create new projects from command line

    Manage and create new projects from command line

    At the moment the only way to create a new project is to manually edit the configuration files. Make it easier for users to start using raider by asking inputs, creating the boilerplate configuration files, and letting them edit it afterwards.

    enhancement 
    opened by danielonsecurity 0
Releases(v0.2.2)

  • v0.2.2(Aug 23, 2021)

    • Split plugins into common, basic, modifiers and parsers.
    • Add Combine modifier.
    • Add UrlParser plugin.
    • Update documentation with new plugin structure.
    Source code(tar.gz)
    Source code(zip)

  • v0.2.1(Aug 3, 2021)

  • v0.2.0(Aug 1, 2021)

    • Added new operations and plugins.
    • Improved existing operations and plugins.
    • Implemented sessions, allowing users to save and load authentication data.
    • Implemented basic fuzzing.
    • Multiple bug fixes.
    • Project directory changed from ~/.config/raider/apps to ~/.config/raider/projects.
    • Updated documentation.
    Source code(tar.gz)
    Source code(zip)

  • v0.1.0(Jul 9, 2021)

Owner
DigeeX
Making the Internet a safer place
DigeeX
GitHub Repository
Flask App With Login

Flask App With Login by FranciscoCharles Este projeto basico é o resultado do estudos de algumas funcionalidades do micro framework Flask do Python. O

Charles 3 Nov 14, 2021
A simple username/password database authentication solution for Streamlit

TL;DR: This is a simple username/password login authentication solution using a backing database. Both SQLite and Airtable are supported.

Arvindra 49 Nov 25, 2022
A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

Simple JWT 3.3k Jan 01, 2023
Beihang University Network Authentication Login

北航自动网络认证使用说明 主文件 gw_buaa.py # @file gw_buaa.py # @author Dong # @date 2022-01-25 # @email windcicada 0 Jul 22, 2022

A Python library to create and validate authentication tokens

handshake A Python library to create and validate authentication tokens. handshake is used to generate and validate arbitrary authentication tokens th

0 Apr 26, 2022
Login qr line & qr image

login-qr-line-qr-image login qr line & qr image python3 & linux ubuntu api source: https://github.com/hert0t/BEAPI-BETA import httpx import qrcode fro

Alif Budiman 1 Dec 27, 2021
it's a Django application to register and authenticate users using phone number.

django-phone-auth It's a Django application to register and authenticate users using phone number. CustomUser model created using AbstractUser class.

MsudD 4 Nov 29, 2022
A Python package, that allows you to acquire your RecNet authorization bearer token with your account credentials!

RecNet-Login This is a Python package, that allows you to acquire your RecNet bearer token with your account credentials! Installation Done via git: p

Jesse 6 Aug 18, 2022
An open source Flask extension that provides JWT support (with batteries included)!

Flask-JWT-Extended Features Flask-JWT-Extended not only adds support for using JSON Web Tokens (JWT) to Flask for protecting views, but also many help

Landon Gilbert-Bland 1.4k Jan 04, 2023
Provide OAuth2 access to your app

django-oml Welcome to the documentation for django-oml! OML means Object Moderation Layer, the idea is to have a mixin model that allows you to modera

Caffeinehit 334 Jul 27, 2022
Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

Microsoft365_devicePhish Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack This is a simple proof-of-concept script that allows an at

Optiv Security 76 Jan 02, 2023
Simple extension that provides Basic, Digest and Token HTTP authentication for Flask routes

Flask-HTTPAuth Simple extension that provides Basic and Digest HTTP authentication for Flask routes. Installation The easiest way to install this is t

Miguel Grinberg 1.1k Jan 05, 2023
Library - Recent and favorite documents

Thingy Thingy is used to quickly access recent and favorite documents. It's an XApp so it can work in any distribution and many desktop environments (

Linux Mint 23 Sep 11, 2022
Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS).

Welcome to Corsair_scan Corsair_scan is a security tool to test Cross-Origin Resource Sharing (CORS) misconfigurations. CORS is a mechanism that allow

Santander Security Research 116 Nov 09, 2022
Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Easy and secure implementation of Azure AD for your FastAPI APIs 🔒 Single- and multi-tenant support.

Intility 220 Jan 05, 2023
API-key based security utilities for FastAPI, focused on simplicity of use

FastAPI simple security API key based security package for FastAPI, focused on simplicity of use: Full functionality out of the box, no configuration

Tolki 154 Jan 03, 2023
PetitPotam - Coerce NTLM authentication from Windows hosts

Python implementation for PetitPotam

ollypwn 137 Dec 28, 2022
Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Welcome to django-allauth! Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (soc

Raymond Penners 7.7k Jan 01, 2023
This python package provides a simple password reset strategy for django rest framework

Django Rest Password Reset This python package provides a simple password reset strategy for django rest framework, where users can request password r

Anexia 363 Dec 24, 2022
蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。

蓝鲸用户管理 简体中文 | English 蓝鲸用户管理是蓝鲸智云提供的企业组织架构和用户管理解决方案,为企业统一登录提供认证源服务。 总览 架构设计 代码目录 功能 支持多层级的组织架构管理 支持通过多种方式同步数据:OpenLDAP、Microsoft Active Directory(MAD)

腾讯蓝鲸 35 Dec 14, 2022