Authz0 – An Automated Authorization Test Tool. Unauthorized Access Can Be Identified Based On URLs And RolesAnd Credentials
Key Features
- Generate scan template
$ authz0 new- Include URLs
- Include Roles
- Include ZAP history (Select URLS > Save Selected Entiries as HAR)
- Include Burp history (Select URLs > Save item)
- Include HAR file
- Easy modify scan template (Role, URL)
$ authz0 setUrl$ authz0 setRoleauthz0 setCred - Scanning authorization(access-control) with template
$ authz0 scan
Installation
go install
go install github.com/hahwul/authz0@latest
homebrew
brew tap hahwul/authz0
brew install authz0
Need more information? please refer to installation guide
Usage
Available Commands:
completion Generate the autocompletion script for the specified shell
help Help about any command
new Generate new template
scan Scanning
setCred Append Credential to Template
setRole Append Role to Template
setUrl Append URL to Template
version Show version
1. Generate template
authz0 new <filename> [flags]
e.g
authz0 new target.yaml --include-urls urls.txt
authz0 new target.yaml --include-zap zapurls.har
authz0 new target.yaml --include-burp burpurl.xml
2. Modify template
authz0 setCred <filename> [flags]
authz0 setRole <filename> [flags]
authz0 setUrl <filename> [flags]
e.g
authz0 setUrl target.yaml setUrl -u https://www.hahwul.com
authz0 setRole target.yaml -n User1
authz0 setCred target.yaml -n User1 -H "X-API-Key: 1234" -H "TestHeader: 12344"
3. Scanning
authz0 scan <filename> [flags]
e.g
authz0 scan target.yaml
authz0 scan target.yaml -r TestUser1 -H "Cookie: 1234=1234" -H "X-API-Key: 1234555"
Documents
https://authz0.hahwul.com
Question
Please use discussions actively!
Changelog
Detailed changes for each release are documented in the release notes.
Contributing
Authz0’s open-source project and made it with
if you want contribute this project, please see CONTRIBUTING.md and Pull-Request with cool your contents.
Download Authz0
If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.
