Authentication testing framework

Last update: Jul 06, 2022

Overview

What is this

This is a framework designed to test authentication for web applications. While web proxies like ZAProxy and Burpsuite allow authenticated tests, they don't provide features to test the authentication process itself, i.e. manipulating the relevant input fields to identify broken authentication. Most authentication bugs in the wild have been found by manually testing it or writing custom scripts that replicate the behaviour. Raider aims to make testing easier, by providing the interface to interact with all important elements found in modern authentication systems.

Features

Raider has the goal to support most of the modern authentication systems, and for now it has the following features:

Unlimited authentication steps
Unlimited inputs/outputs for each step
Running arbitrary operations when receiving the response
Testing under multiple users
Writing custom operations and plugins

How does it work

Raider treats the authentication as a finite state machine. Each authentication step is a different state, with its own inputs and outputs. Those can be cookies, headers, CSRF tokens, or other pieces of information.

Each application needs its own configuration file for Raider to work. The configuration is written in Hylang. The language choice was done for multiple reasons, mainly because it's a Lisp dialect embedded in Python.

Using Lisp was necessarily since sometimes the authentication can get quite complex, and using a static configuration file would've not been enough to cover all the details. Lisp makes it easy to combine code and data, which is exactly what was needed here.

By using a real programming language as a configuration file gives Raider a lot of power, and with great power comes great responsibility. Theoretically one can write entire malware inside the application configuration file, which means you should be careful what's being executed, and not to use configuration files from sources you don't trust. Raider will evaluate everything inside the .hy files, which means if you're not careful you could shoot yourself in the foot and break something on your system.

Installation

Raider is available on PyPi:

$ pip3 install --user raider

The Documentation is available on Read the Docs.

Comments

Improve Json plugin

Json plugin at the moment is quite rudimentary, and doesn't allow extracting the fields inside easily. This needs to be improved for the tool to be usable for applications which use json
enhancement

opened by danielonsecurity 1
Create an object to deal with POST bodies

At the moment Raider only sends the bodies of POST requests in URL encoded form. This is not enough. Creating a new object to allow sending the data in JSON or other formats is necessary.
enhancement

opened by danielonsecurity 1
Build request templates

Create a new class to hold templates of requests. Those should be used when needing to define multiple similar-looking flows. Instead of redefining each time the same thing with little differences, it'd make the hyfiles cleaner if templates were allowed.
enhancement

opened by danielonsecurity 0
Publish to Pypi

To make it easier to install the application, it needs to be published on pypi so users can just use pip install and not have to deal with the source.
enhancement

opened by danielonsecurity 0
Move input/output classes to plugins

Now there's the modules.py file which contain classes that aren't really modules. Cookie and Header classes also act as inputs/outputs. After some brainstorming, I decided to put them all together and move CookieStore and HeaderStore to structures. Everything else that acts as an input and/or output for a Flow will be defined as a Plugin.
enhancement

opened by danielonsecurity 0
Allow more than one action to be executed in existing operations
For example:

(Grep :regex "TWO_FA_REQUIRED" :action (NextStage "multi_factor") :otherwise (NextStage "get_access_token"))

Instead of having only one allowed action like the NextStage here, it would be useful to add more than one, maybe in a list.
enhancement
opened by danielonsecurity 0
Improve Headers

For now the Header class is rudimentary, and Basicauth/Bearerauth objects are defined to handle the authentication. Those two should be merged in the Header class somehow. So the goal is to make Header more flexible.
bug

opened by danielonsecurity 0
Save and load existing sessions

Instead of authenticating every time from the beginning, build a feature that will allow the user to save the session data and load them later on demand.
enhancement

opened by danielonsecurity 0
Improve PostBody to work recursively

At the moment Raider crashes when dealing with JSON data in the PostBody when some of the nested data is a plugin. This is because only the high level plugins are processed in the JSON body. To solve this, the entire JSON body needs to be parsed so that the plugins nested inside other data structures get processed as well.

opened by danielonsecurity 0
Fix character encoding for Basic Auth

For now the basic authentication probably works only when ASCII encoding is used. Should default to ISO-8859-1 and use UTF-8 when explicitly requested by the server (see https://datatracker.ietf.org/doc/html/rfc7617).
bug

opened by danielonsecurity 0
Manage and create new projects from command line

At the moment the only way to create a new project is to manually edit the configuration files. Make it easier for users to start using raider by asking inputs, creating the boilerplate configuration files, and letting them edit it afterwards.
enhancement

opened by danielonsecurity 0

Releases(v0.2.2)

v0.2.2(Aug 23, 2021)
Split plugins into common, basic, modifiers and parsers.

Add Combine modifier.

Add UrlParser plugin.

Update documentation with new plugin structure.

Source code(tar.gz)
Source code(zip)
v0.2.1(Aug 3, 2021)
Improved the fuzzing module.

Added request templates.

Added Combine and Empty plugins.

Fixed many bugs.

Source code(tar.gz)
Source code(zip)
v0.2.0(Aug 1, 2021)
Added new operations and plugins.

Improved existing operations and plugins.

Implemented sessions, allowing users to save and load authentication data.

Implemented basic fuzzing.

Multiple bug fixes.

Project directory changed from ~/.config/raider/apps to ~/.config/raider/projects.

Updated documentation.

Source code(tar.gz)
Source code(zip)
v0.1.0(Jul 9, 2021)

Private release given to only few people to test before making the project public.
Source code(tar.gz)
Source code(zip)

Owner

DigeeX

Making the Internet a safer place

GitHub Repository

Skit-auth - Authorization for skit.ai's platform

skit-auth This is a simple authentication library for Skit's platform. Provides

3 Jan 08, 2022

Per object permissions for Django

django-guardian django-guardian is an implementation of per object permissions [1] on top of Django's authorization backend Documentation Online docum

3.3k Jan 01, 2023

Generate payloads that force authentication against an attacker machine

Hashgrab Generates scf, url & lnk payloads to put onto a smb share. These force authentication to an attacker machine in order to grab hashes (for exa

35 Dec 20, 2022

A JSON Web Token authentication plugin for the Django REST Framework.

Simple JWT Abstract Simple JWT is a JSON Web Token authentication plugin for the Django REST Framework. For full documentation, visit django-rest-fram

3.2k Dec 29, 2022

A simple model based API maker written in Python and based on Django and Django REST Framework

Fast DRF Fast DRF is a small library for making API faster with Django and Django REST Framework. It's easy and configurable. Full Documentation here

18 Oct 05, 2022

Django x Elasticsearch Templates

Django x Elasticsearch Requirements Python 3.7 Django = 3 Elasticsearch 7.15 Setup Elasticsearch Install via brew Install brew tap elastic/tap brew

0 May 22, 2022

Quick and simple security for Flask applications

Note This project is non maintained anymore. Consider the Flask-Security-Too project as an alternative. Flask-Security It quickly adds security featur

1.6k Dec 19, 2022

Simple implementation of authentication in projects using FastAPI

Fast Auth Facilita implementação de um sistema de autenticação básico e uso de uma sessão de banco de dados em projetos com tFastAPi. Instalação e con

3 Jan 08, 2022

A host-guest based app in which host can CREATE the room. and guest can join room with room code and vote for song to skip. User is authenticated using Spotify API

5 May 10, 2022

RSA Cryptography Authentication Proof-of-Concept

RSA Cryptography Authentication Proof-of-Concept This project was a request by Structured Programming lectures in Computer Science college. It runs wi

1 Jan 22, 2022

Brute force a JWT token. Script uses multithreading.

JWT BF Brute force a JWT token. Script uses multithreading. Tested on Kali Linux v2021.4 (64-bit). Made for educational purposes. I hope it will help!

5 Dec 02, 2022

python implementation of JSON Web Signatures

python-jws 🚨 This is Unmaintained 🚨 This library is unmaintained and you should probably use For histo

57 Apr 18, 2022

Login-python - Login system made in Python, using native libraries

2 Jan 28, 2022

Object Moderation Layer

django-oml Welcome to the documentation for django-oml! OML means Object Moderation Layer, the idea is to have a mixin model that allows you to modera

12 Aug 22, 2019

Kube OpenID Connect is an application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster

Kube OpenID Connect is an application that can be used to easily enable authentication flows via OIDC for a kubernetes cluster. Kubernetes supports OpenID Connect Tokens as a way to identify users wh

7 Nov 20, 2022