Skip to content
/ authz0 Public

πŸ”‘ Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

License

Notifications You must be signed in to change notification settings

hahwul/authz0

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 
Β 

Repository files navigation


Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

URLs and Roles are managed as YAML-based templates, which can be automatically created and added through authz0. You can also test based on multiple authentication headers and cookies with a template file created/generated once.

authz0-2

πŸ›Έ Key Features

  • Generate scan template $ authz0 new
    • Include URLs
    • Include Roles
    • Include ZAP history (Select URLS > Save Selected Entiries as HAR)
    • Include Burp history (Select URLs > Save item)
    • Include HAR file
  • Easy modify scan template (Role, URL) $ authz0 setUrl $ authz0 setRole authz0 setCred
  • Scanning authorization(access-control) with template $ authz0 scan
  • Support macOS/Windows/Linux and Docker, Github action

πŸš€ Installation

go install

go install github.com/hahwul/authz0@latest

homebrew

brew tap hahwul/authz0
brew install authz0

Need more information? please refer to installation guide

πŸ›Έ Usage

Available Commands:

  completion  Generate the autocompletion script for the specified shell
  help        Help about any command
  new         Generate new template
  scan        Scanning
  setCred     Append Credential to Template
  setRole     Append Role to Template
  setUrl      Append URL to Template
  version     Show version

1. Generate template

authz0 new <filename> [flags]

e.g

authz0 new target.yaml --include-urls urls.txt
authz0 new target.yaml --include-zap zapurls.har
authz0 new target.yaml --include-burp burpurl.xml

2. Modify template

authz0 setCred <filename> [flags]
authz0 setRole <filename> [flags]
authz0 setUrl <filename> [flags]

e.g

authz0 setUrl target.yaml setUrl -u https://www.hahwul.com
authz0 setRole target.yaml -n User1
authz0 setCred target.yaml -n User1 -H "X-API-Key: 1234" -H "TestHeader: 12344"

3. Scanning

authz0 scan <filename> [flags]

e.g

authz0 scan target.yaml
authz0 scan target.yaml -r TestUser1 -H "Cookie: 1234=1234" -H "X-API-Key: 1234555"

Github Actions

Please read https://github.com/hahwul/authz0/tree/main/github-action

πŸ“– Documents

https://authz0.hahwul.com

πŸ€” Question

Please use discussions actively!

πŸ“Œ Changelog

Detailed changes for each release are documented in the release notes.

❀️ Contributing

Authz0's open-source project and made it with ❀️ if you want contribute this project, please see CONTRIBUTING.md and Pull-Request with cool your contents.

About

πŸ”‘ Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.

Topics

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Contributors 3

  •  
  •  
  •  

Languages