awesome-repositories.com
Blog
awesome-repositories.com

Descubre los mejores repositorios open-source con nuestra búsqueda potenciada por IA.

ExplorarBúsquedas curadasAlternativas open-sourceSoftware autohospedableBlogMapa del sitio
ProyectoAcerca deCómo clasificamosPrensaServidor MCP
Aviso legalPrivacidadTérminos
© 2026 Bringes Technology SRL·VAT RO45896025·hello@awesome-repositories.com
·

6 repositorios

Awesome GitHub RepositoriesMulti-Factor Authentication Bypass Testing

Tools for evaluating the resilience of authentication workflows against session cookie hijacking and secondary verification bypass.

Distinct from Multi-Factor Authentication: Distinct from Multi-Factor Authentication: focuses on testing bypass vulnerabilities rather than implementing MFA protocols.

Explore 6 awesome GitHub repositories matching security & cryptography · Multi-Factor Authentication Bypass Testing. Refine with filters or upvote what's useful.

Awesome Multi-Factor Authentication Bypass Testing GitHub Repositories

Encuentra los mejores repositorios con IA.Buscaremos los repositorios que mejor coincidan usando IA.
  • kgretzky/evilginx2Avatar de kgretzky

    kgretzky/evilginx2

    14,627Ver en GitHub↗

    Evilginx2 is a man-in-the-middle phishing framework designed to proxy authentication traffic between a user and a target web service. By acting as a reverse proxy, the tool intercepts and relays web requests to capture credentials and session tokens in real time, enabling the bypass of multi-factor authentication mechanisms through session cookie hijacking. The platform distinguishes itself by integrating infrastructure orchestration with modular template-driven content injection. It automates the deployment of proxy servers, manages the lifecycle of encryption certificates, and applies conte

    | Testing the resilience of authentication workflows against man-in-the-middle attacks that attempt to capture session cookies and bypass secondary verification.

    Go
    Ver en GitHub↗14,627
  • daffainfo/allaboutbugbountyAvatar de daffainfo

    daffainfo/AllAboutBugBounty

    6,644Ver en GitHub↗

    AllAboutBugBounty is a curated collection of bug bounty techniques and payloads for web application security testing. It serves as a reference resource covering common web vulnerabilities and exploitation methods for security researchers, providing a structured approach to identifying and exploiting web application security flaws in bug bounty programs. The repository covers a wide range of attack categories including authentication bypass, cross-site scripting injection, server-side request forgery, web cache poisoning, and business logic abuse. It includes techniques for bypassing access co

    Documents techniques for circumventing two-factor authentication using session hijacking or code reuse.

    bugbugbountybugbountytips
    Ver en GitHub↗6,644
  • drk1wi/modlishkaAvatar de drk1wi

    drk1wi/Modlishka

    5,273Ver en GitHub↗

    Modlishka is a man-in-the-middle reverse proxy framework designed for automated phishing campaigns. It dynamically generates valid TLS certificates for target domains, aggregates traffic from multiple domains through a single proxy, and injects custom scripts into proxied responses. The framework operates transparently without requiring client-side certificate installation and relays two-factor authentication steps to capture secondary verification tokens. What sets Modlishka apart is its ability to automate the entire credential theft process. It logs all form submissions, headers, and cooki

    Automatically handles common 2FA schemes during proxied sessions to capture credentials despite extra verification steps.

    Goeducationalmitmpenetration-testing-tools
    Ver en GitHub↗5,273
  • undeadsec/socialfishAvatar de UndeadSec

    UndeadSec/SocialFish

    4,764Ver en GitHub↗

    SocialFish es una herramienta de recolección de credenciales y framework de phishing diseñado para interceptar nombres de usuario, contraseñas y códigos de autenticación de dos factores a través de páginas web engañosas. Funciona como una plataforma de ingeniería social y herramienta de recopilación de información utilizada para obtener datos de objetivos e información del sistema para investigación de seguridad y pruebas de penetración. El sistema utiliza un proxy inverso para tunelizar el tráfico de red y capturar solicitudes HTTP y cookies de sesión en tiempo real. Cuenta con un panel de operador en vivo para interceptar contraseñas de un solo uso y emplea clonación basada en navegador para replicar páginas de autenticación. La plataforma proporciona capacidades para el monitoreo de campañas de phishing, incluyendo el seguimiento de direcciones IP de las víctimas, geolocalización y huellas digitales de dispositivos. También incluye herramientas para gestionar plantillas de clonación y enviar notificaciones de webhook en tiempo real cuando se capturan credenciales.

    Intercepts one-time passwords and session cookies in real time to overcome two-factor security measures.

    CSS
    Ver en GitHub↗4,764
  • specterops/bloodhoundAvatar de SpecterOps

    SpecterOps/BloodHound

    2,789Ver en GitHub↗

    BloodHound is an identity risk management platform and graph-based attack path analyzer used to map identity relationships and permissions in Active Directory. It functions as a security tool for auditing directory services, uncovering unintended privilege relationships, and visualizing sequences of permissions that can lead to domain compromise. The project differentiates itself as a comprehensive adversary emulation framework that coordinates remote agents and executes post-exploitation commands. It includes a reverse proxy for bypassing multi-factor authentication via real-time session hij

    Uses a reverse proxy to capture real-time session data and hijack cookies to bypass multi-factor authentication.

    Go
    Ver en GitHub↗2,789
  • ssh-mitm/ssh-mitmAvatar de ssh-mitm

    ssh-mitm/ssh-mitm

    1,457Ver en GitHub↗

    Este proyecto es un framework de proxy transparente diseñado para la interceptación, análisis y manipulación de tráfico SSH. Al terminar las conexiones de cliente y servidor de forma independiente, proporciona visibilidad total de las sesiones cifradas, permitiendo monitorear flujos de autenticación, transferencias de archivos y ejecución de comandos en tiempo real. La herramienta destaca por su arquitectura modular basada en plugins que permite a los usuarios inyectar lógica de interceptación personalizada en el flujo de trabajo del proxy. Admite la creación de entornos efímeros y agentes simulados en memoria, facilitando la simulación de escenarios de seguridad y la prueba de robustez de la autenticación sin necesidad de infraestructura externa. El framework cubre una amplia superficie de capacidades, incluyendo la auditoría del comportamiento de seguridad del cliente, la captura de credenciales de autenticación y la inspección de protocolos de red encapsulados como túneles y operaciones de gestión remota. También proporciona controles operativos para gestionar sesiones concurrentes y mantener la paridad de sesión mediante el reenvío de señales de terminal.

    Intercepts authentication requests to establish sessions using basic credentials, bypassing hardware-based multi-factor confirmations.

    Pythonmitmmitm-attacksmitm-server
    Ver en GitHub↗1,457
  1. Home
  2. Security & Cryptography
  3. Multi-Factor Authentication Bypass Testing

Explorar subetiquetas

  • Active 2FA Bypass ProxiesTransparent proxies that relay two-factor authentication steps to capture verification tokens. **Distinct from Multi-Factor Authentication Bypass Testing:** Distinct from Multi-Factor Authentication Bypass Testing: actively relays 2FA flows rather than testing vulnerability to bypass.
  • Rate Limit Bypass for 2FA1 sub-etiquetaTechniques that repeatedly submit 2FA codes without throttling to brute-force the verification step. **Distinct from Multi-Factor Authentication Bypass Testing:** Distinct from Multi-Factor Authentication Bypass Testing: focuses specifically on bypassing rate limits during 2FA code submission rather than general MFA bypass testing.
  • Response Tampering BypassesModifies server responses to trick clients into accepting failed authentication attempts. **Distinct from Multi-Factor Authentication Bypass Testing:** Distinct from Multi-Factor Authentication Bypass Testing: focuses on response manipulation rather than session hijacking or code reuse.