password-reset-poisoning
Official
Bypass password resets and gain account access.
Software Engineering #penetration testing #web security #password reset #account takeover #host header poisoning #token theft
Author: blacklanternsecurity
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill helps penetration testers exploit vulnerabilities in password reset functionality to gain unauthorized access to user accounts.
Core Features & Use Cases
- Host Header Poisoning: Manipulate Host headers to redirect reset tokens to an attacker-controlled domain.
- Token Leakage: Exploit Referer headers or email injection to intercept reset tokens.
- Token Analysis: Identify weak or predictable tokens for brute-force attacks.
- Use Case: A penetration tester uses this Skill to exploit a web application's weak password reset flow, successfully intercepting a reset token via Host header poisoning and taking over a victim's account.
Quick Start
Use the password-reset-poisoning skill to test for host header poisoning vulnerabilities against the target URL 'https://example.com/reset'.
Dependency Matrix
Required Modules
None required
Components
scripts, references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: password-reset-poisoning Download link: https://github.com/blacklanternsecurity/red-run/archive/main.zip#password-reset-poisoning Please download this .zip file, extract it, and install it in the .claude/skills/ directory.