Authorization Testing · Go

Authz0

An automated authorization tester. Define a matrix of URLs, roles and credentials, then let Authz0 verify your access controls and surface unauthorized access.

420+ GitHub stars
4 Template sources
YAML Matrix config
MIT License

Capabilities

Authorization, tested automatically

Bring your own traffic — Authz0 turns URLs and existing proxy history into a repeatable access-control test.

Template from anything

Generate scan templates from a URL list, ZAP history, Burp history or HAR files.

Roles and credentials

Attach roles, headers and cookies per identity to model real access tiers.

Automated scanning

Replays each URL across identities and flags unexpected authorized access.

Matrix-driven

A simple YAML authorization matrix keeps tests declarative and repeatable.

Custom headers and cookies

Test multiple authentication headers and cookies for the same endpoint.

Runs anywhere

macOS, Windows, Linux, Docker and GitHub Actions out of the box.

Quickstart

From URLs to an access-control report

zsh
$ go install github.com/hahwul/authz0@latest
# build a template from a URL list
$ authz0 new target.yaml --include-urls urls.txt
# add a role and its credential
$ authz0 setRole target.yaml -n User1
$ authz0 setCred target.yaml -n User1 -H 'X-API-Key: 1234'
# run the authorization scan
$ authz0 scan target.yaml

Illustrative workflow.
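
The replay-and-compare idea behind the scan step, as an added Go example (not Authz0's code or its template format). The `Cell` and `Identity` types, the `Audit` function, the paths, the Admin key and the deliberately flawed `Vulnerable` handler are constructed for illustration; only the `X-API-Key: 1234` credential for User1 comes from the quickstart.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Cell is a (path, role) matrix entry; Identity is a role plus its X-API-Key ("" = anonymous).
type Cell struct{ Path, Role string }
type Identity struct{ Role, Key string }

// Audit requests every path as every identity; a 2xx the matrix does not allow becomes "role path".
func Audit(base string, paths []string, ids []Identity, allow map[Cell]bool) ([]string, error) {
	var findings []string
	for _, p := range paths {
		for _, id := range ids {
			req, err := http.NewRequest(http.MethodGet, base+p, nil)
			if err != nil {
				return nil, err
			}
			req.Header.Set("X-API-Key", id.Key)
			resp, err := http.DefaultClient.Do(req)
			if err != nil {
				return nil, err
			}
			resp.Body.Close()
			if resp.StatusCode/100 == 2 && !allow[Cell{p, id.Role}] {
				findings = append(findings, id.Role+" "+p)
			}
		}
	}
	return findings, nil
}

// Vulnerable is a constructed target: /admin/export accepts any known key, whatever its role.
func Vulnerable(w http.ResponseWriter, r *http.Request) {
	role, ok := map[string]string{"1234": "User1", "9999": "Admin"}[r.Header.Get("X-API-Key")]
	if !ok || (r.URL.Path == "/admin/users" && role != "Admin") {
		w.WriteHeader(http.StatusForbidden)
	}
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(Vulnerable)) // local test server, no outside traffic
	defer srv.Close()
	ids := []Identity{{"User1", "1234"}, {"Admin", "9999"}, {"Anon", ""}}
	allow := map[Cell]bool{{"/admin/users", "Admin"}: true, {"/admin/export", "Admin"}: true}
	fmt.Println(Audit(srv.URL, []string{"/admin/users", "/admin/export"}, ids, allow))
}
```

Access is judged by a 2xx status here, and `http.DefaultClient` follows redirects, so a target that answers denied requests with 200 or redirects them to a login page needs a stricter success condition.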

Trust, but verify access.

Add Authz0 to your pipeline and catch broken authorization.