Authz0 v1.1 Released 🎉

Hi security engineers and hackers! Authz0 v1.1.0 has been released 🎉 First of all, I would like to thank many of you for your helpful feedback.

Summary

  • Add setCred command
  • Add --include-zap flag to the new command
  • Add --include-har flag to the new command
  • Add --include-burp flag to the new command
  • Add --assert-fail-size-margin flag to the new command
  • Support multiple asserts of the same type
  • Improve report
  • Bug fixes

Credentials and setCred

Now, we can add credentials to the template using the setCred command.

authz0 setCred target.yaml -n User1 -H "X-Token: abvcddf"
authz0 setCred target.yaml -n User2 -H "X-Token: bbbbbb"

Once added, you can see them in the template like this.

credentials:
- rolename: User1
  headers:
  - 'X-Token: abvcddf'
- rolename: User2
  headers:
  - 'X-Token: bbbbbb'

The credentials stored in the template are used during the scan; roles passed on the command line are added on top of them.

authz0 scan target.yaml

+> Tests as User1, User2
authz0 scan target.yaml -r User3 -H "X-Token: bbaaaa"

+> Tests as User1, User2, User3

Include from ZAP, Burp and HAR

Now, we can build a template from ZAP history, Burp history or a HAR file.

  • --include-zap flag in the new command
  • --include-har flag in the new command
  • --include-burp flag in the new command

authz0 new --include-zap zap_history.har
authz0 new --include-burp burp_history.xml
authz0 new --include-har chrome_history.har

--include-zap flag and ZAP

Support multiple asserts of the same type

We can now use several assertions of the same type. In the example below, two fail sizes are set, and the margin flag sets the tolerance around each of them.

  • --assert-fail-size ints        Set fail size assert (the flag can be repeated)
  • --assert-fail-size-margin int  Set the approximation range of the fail size assert

authz0 new target.yaml --assert-fail-size 10 \
--assert-fail-size 550 --assert-fail-size-margin 5
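To show how the credentials block and the fail-size asserts fit together, here is an added Go example (not authz0's own code): each role's template headers are sent with a request and the body length is compared with the fail sizes 10 and 550 using margin 5. The target is a constructed local test server, and the margin semantics (a hit when the size is within ±margin of a fail size) are an assumption about how authz0 interprets the flag.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// FailSizeMatch: true when size is within +/-margin of any fail size (assumed semantics).
func FailSizeMatch(size int, failSizes []int, margin int) bool {
	for _, fs := range failSizes {
		if d := size - fs; d >= -margin && d <= margin {
			return true
		}
	}
	return false
}

// CheckRole sends one request with a role's credential headers and returns the body length and whether it hit a fail size.
func CheckRole(url string, headers map[string]string, failSizes []int, margin int) (int, bool, error) {
	req, _ := http.NewRequest(http.MethodGet, url, nil)
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return 0, false, err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return len(body), FailSizeMatch(len(body), failSizes, margin), err
}

// NewDemoServer is a constructed stand-in for the target: no token gets a 552-byte login page,
// a wrong token a short "denied" line whose length varies with the token, User1's token the real 600-byte page.
func NewDemoServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch tok := r.Header.Get("X-Token"); tok {
		case "":
			fmt.Fprintf(w, "%-552s", "<html>login</html>")
		case "abvcddf":
			fmt.Fprintf(w, "%600s", "x")
		default:
			w.WriteHeader(http.StatusForbidden)
			fmt.Fprintf(w, "denied %s", tok)
		}
	}))
}
```

A role whose response hits a fail size is treated as denied; User1 (600 bytes) is the only one that does not, which is the access difference the report is meant to surface.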

References

  • https://github.com/hahwul/authz0/releases/tag/v1.1.0
  • https://twitter.com/hahwul/status/1484189272995676162