What is forced browsing?

Forced browsing is a technique used to access resources that are not linked by the application but exist on the server, often bypassing intended navigation controls through direct URL manipulation.

Is this skill safe to use on production systems?

This skill should only be used during authorized security assessments, as the high-speed fuzzing techniques involved can generate significant network traffic and log entries.

Which tools are required for this skill?

This skill utilizes industry-standard tools including ffuf, Gobuster, and the SecLists wordlist collection for effective resource discovery and enumeration.

Can this skill find hidden API endpoints?

Yes, it includes specific workflows for enumerating API versions and common endpoints like Swagger UI, GraphQL interfaces, and actuator endpoints.

Does this help with OWASP compliance?

Yes, it directly addresses 'A01:2021 – Broken Access Control', which is the most critical risk category in the current OWASP Top 10.

Forced Browsing Authentication Bypass

Name: Forced Browsing Authentication Bypass
Author: mukul975

bymukul975

•

4,121

•

安全与测试

Identifies and exploits unprotected web pages, APIs, and administrative interfaces through automated directory enumeration and URL fuzzing.

This skill enables security professionals and developers to systematically discover hidden or unlinked resources on web servers that may lack proper authentication controls. By leveraging tools like ffuf and Gobuster, it automates the identification of administrative panels, backup files, and sensitive debug interfaces, providing structured workflows to test for inconsistent access control enforcement across various HTTP methods and path normalization techniques. It is designed to assist in authorized security assessments to ensure that sensitive endpoints are properly hardened against unauthorized access.

主要功能

01Automated directory and file enumeration using high-speed fuzzing tools

02Method-based authentication bypass testing for GET, POST, and PUT variations

03Discovery of sensitive backup files and version control metadata

04Identification of exposed administrative panels and Spring Boot Actuator endpoints

054,121 GitHub stars

06Path normalization and URL encoding bypass detection

使用场景

01Security auditing to ensure consistent session validation across API endpoints

02Authorized penetration testing to find hidden administrative backdoors

03Validation of web server hardening to prevent exposure of sensitive configuration files

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills bypassing-authentication-with-forced-browsing

For use in Claude.ai and ChatGPT

主要功能

01Automated directory and file enumeration using high-speed fuzzing tools

02Method-based authentication bypass testing for GET, POST, and PUT variations

03Discovery of sensitive backup files and version control metadata

04Identification of exposed administrative panels and Spring Boot Actuator endpoints

054,121 GitHub stars

06Path normalization and URL encoding bypass detection

使用场景

01Security auditing to ensure consistent session validation across API endpoints

02Authorized penetration testing to find hidden administrative backdoors

03Validation of web server hardening to prevent exposure of sensitive configuration files

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills bypassing-authentication-with-forced-browsing

For use in Claude.ai and ChatGPT