Authz0 : An Automated Authorization Test Tool

Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers and cookies with a template file created/generated once.

Key Features

  • Generate scan template: $ authz0 new
    • Include URLs
    • Include Roles
    • Include ZAP history (Select URLs > Save Selected Entries as HAR)
    • Include Burp history (Select URLs > Save item)
    • Include HAR file
  • Easily modify scan template (Role, URL): $ authz0 setUrl, $ authz0 setRole, $ authz0 setCred
  • Scan authorization (access control) with template: $ authz0 scan

Installation

go install

go install github.com/hahwul/authz0@latest

homebrew

brew tap hahwul/authz0
brew install authz0

Usage

Available Commands:

  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  new         Generate new template
  scan        Scanning
  setCred     Append Credential to Template
  setRole     Append Role to Template
  setUrl      Append URL to Template
  version     Show version

Generate template

authz0 new [flags]

e.g.

authz0 new target.yaml --include-urls urls.txt
authz0 new target.yaml --include-zap zapurls.har
authz0 new target.yaml --include-burp burpurl.xml

Modify template

authz0 setCred [flags]
authz0 setRole [flags]
authz0 setUrl [flags]

e.g.

authz0 setUrl target.yaml -u https://www.hahwul.com
authz0 setRole target.yaml -n User1
authz0 setCred target.yaml -n User1 -H "X-API-Key: 1234" -H "TestHeader: 12344"

Scanning

authz0 scan [flags]

e.g.

authz0 scan target.yaml
authz0 scan target.yaml -r TestUser1 -H "Cookie: 1234=1234" -H "X-API-Key: 1234555"
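
What a scan of this kind checks, as an added Go sketch (not authz0's code or its template schema): request each URL once per role with that role's credential headers, and flag any success for a role that is not on the URL's allow list. The test server, role names, keys, map layout and the rule that any 2xx status means "allowed" are constructed assumptions.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Check requests every path once per role with that role's headers and reports
// each 2xx response for a role missing from the path's allow list. The two maps
// are a hypothetical layout for this sketch, not authz0's template schema.
func Check(base string, allow map[string]map[string]bool, creds map[string]http.Header) ([]string, error) {
	var findings []string
	for path, roles := range allow {
		for role, hdr := range creds {
			req, err := http.NewRequest(http.MethodGet, base+path, nil)
			if err != nil {
				return nil, err
			}
			req.Header = hdr.Clone()
			resp, err := http.DefaultClient.Do(req)
			if err != nil {
				return nil, err
			}
			resp.Body.Close()
			if resp.StatusCode/100 == 2 && !roles[role] {
				findings = append(findings, fmt.Sprintf("%s %s %d", role, path, resp.StatusCode))
			}
		}
	}
	return findings, nil
}

// Run scans a constructed local test server whose handler only checks that a key
// is present on every path, /admin included, so it authenticates but never authorizes.
func Run() ([]string, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-API-Key") == "" {
			w.WriteHeader(http.StatusForbidden)
		}
	}))
	defer srv.Close()
	allow := map[string]map[string]bool{"/profile": {"Admin": true, "User1": true}, "/admin": {"Admin": true}}
	creds := map[string]http.Header{"Admin": {"X-Api-Key": {"admin-key"}}, "User1": {"X-Api-Key": {"1234"}}, "Guest": {}}
	return Check(srv.URL, allow, creds)
}

func main() { fmt.Println(Run()) }
```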

R K
