Collection of authentication bypass techniques packaged as a CLI — JWT attacks, OAuth flaws, SAML misconfigurations, and session fixation.
odivex-tools auth --target https://app.com/login --technique jwt-none
odivex-tools auth --target https://app.com --technique oauth-implicit
odivex-tools auth --target https://app.com/saml/acs --technique xml-signature-wrapping

Install via the OdiVex CLI framework:
npm install -g odivex-tools

Modern web applications use layered authentication systems — JWT-based APIs, OAuth/OIDC federation, SAML SSO for enterprise. Each layer has its own attack surface, and Auth Bypass Kit covers all of them.
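XML Signature Wrapping (XSW) attacks target SAML implementations that verify the signature before parsing the full document, so the element whose signature was checked is not necessarily the one the application later reads. By duplicating the signed element and injecting a malicious sibling, attackers can forge assertions: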
odivex-tools auth --target https://app.com/saml/acs \
--technique xml-signature-wrapping \
--role admin \
--saml-response original_response.xml
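On the service-provider side, the wrapping pattern described above can be rejected with a structural check before any assertion is trusted. The following is an added example, not code from odivex-tools or the original page; the function name, the sample documents and their IDs are constructed for illustration, and the check complements signature verification rather than replacing it.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def xsw_findings(response_xml):
    """Structural reasons to reject a SAML Response (pre-check only:
    the XML signature itself must still be verified separately)."""
    # Assumption: stdlib parser for the demo; use a hardened one in production.
    root = ET.fromstring(response_xml)
    findings = []
    # 1. A wrapped document carries more than one Assertion in the tree.
    total = len(list(root.iter("{%s}Assertion" % NS["saml"])))
    if total != 1:
        findings.append("expected 1 Assertion, found %d" % total)
    # 2. The Assertion the application reads is the direct child of Response.
    consumed = root.find("saml:Assertion", NS)
    if consumed is None:
        return findings + ["no Assertion directly under Response"]
    # 3. IDs must be unique, or "#id" may resolve to different nodes.
    ids = [el.get("ID") for el in root.iter() if el.get("ID")]
    if len(ids) != len(set(ids)):
        findings.append("duplicate ID values")
    # 4. A signature Reference must cover the consumed Assertion or the Response.
    signed = {r.get("URI", "").lstrip("#")
              for r in root.iter("{%s}Reference" % NS["ds"])}
    if not signed & {consumed.get("ID"), root.get("ID")}:
        findings.append("consumed Assertion not covered by a signature Reference")
    return findings

# --- Constructed sample documents (signature value omitted, IDs invented) ---
def sample_assertion(aid, user, signed):
    sig = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s"/>'
           '</ds:SignedInfo></ds:Signature>' % aid) if signed else ""
    return ('<saml:Assertion ID="%s">%s<saml:Subject><saml:NameID>%s'
            '</saml:NameID></saml:Subject></saml:Assertion>' % (aid, sig, user))

RESPONSE_TMPL = ('<samlp:Response ID="r1" xmlns:samlp="%(samlp)s" '
                 'xmlns:saml="%(saml)s" xmlns:ds="%(ds)s">' % NS) + "%s</samlp:Response>"

CLEAN = RESPONSE_TMPL % sample_assertion("a1", "alice", True)
# Wrapped shape: unsigned Assertion where the app looks, signed original moved aside.
WRAPPED = RESPONSE_TMPL % (sample_assertion("a2", "admin", False)
                           + "<samlp:Extensions>" + sample_assertion("a1", "alice", True)
                           + "</samlp:Extensions>")

if __name__ == "__main__":
    print("clean:  ", xsw_findings(CLEAN))
    print("wrapped:", xsw_findings(WRAPPED))
```

An empty list means the document passed the structural checks only; the assertion is accepted only after the signature over the referenced element has also been cryptographically verified.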
When OAuth implementations don't validate the state parameter, CSRF attacks against the OAuth flow become trivial:
odivex-tools auth --target https://app.com \
--technique oauth-csrf \
--callback https://app.com/oauth/callback