Automic VaultAutomic Vault

brew

Install authz0 with Homebrew, Nix

Automated authorization test tool. Version 1.1.2 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install authz0

local Homebrew formula metadata

Linux

Nixverified · 92%
nix profile install nixpkgs#authz0

nixpkgs package indexes · pkgs/by-name/au/authz0/package.nix · source: api.github.com

overview

Package summary

Automated authorization test tool

Commands and aliases

  • authz0

history

Project history and usage

Authz0 is a Go CLI for automated authorization and access-control testing. It models target URLs, roles, assertions, and credentials in YAML templates, then scans for unauthorized access based on those role definitions.

Project history

The public repository was created in January 2022. The README describes the tool as an automated authorization test tool that identifies unauthorized access using URLs, roles, and credentials.

Early releases moved quickly: v1.0.0 shipped in January 2022, v1.1.0 added `setCred` plus imports from ZAP, HAR, and Burp history, and v1.1.2 followed in March 2022. The repository has continued to receive activity even though Homebrew currently tracks the older 1.1.2 release.

Adoption history

Authz0 is distributed through Go install, Homebrew via the project's tap instructions, Snapcraft, Docker, and a GitHub Action according to official docs and the README. The Homebrew core formula packages 1.1.2 from the official GitHub tag, while the input also records Nix packaging.

The tool sits in the bug-bounty and application-security packaging lane: small enough to install as a single CLI, but designed to consume artifacts from Burp, ZAP, HAR exports, and YAML templates created during manual security testing.

How it is used

A typical flow is `authz0 new` to generate a YAML template, `authz0 setUrl`, `setRole`, and `setCred` to add test data, then `authz0 scan` to execute checks. The docs show credential headers stored inside the user-supplied template file rather than a fixed global credentials location.

Because the template path is chosen by the user, there is no official fixed config-file or credentials-file location to record. The official structure docs document the YAML schema, not an application config path.

Why package nerds care

Authz0 is notable for packaging a common appsec workflow as a reproducible CLI: collect URLs from ZAP/Burp/HAR, map roles to allowed and denied routes, and run the same authorization checks again in CI or local testing.

Its package history also shows the difference between upstream activity and packaged stable versions: the repository is active, while the Homebrew stable formula remains at the 2022 1.1.2 release.

Timeline

  • 2022-01: Public GitHub repository created.
  • 2022-01: v1.0.0 released.
  • 2022-01: v1.1.0 added `setCred` and ZAP/HAR/Burp import flags.
  • 2022-03: v1.1.2 released.
  • 2022-05: GitHub Action release tag published.

Related projects

  • Authz0 is designed to work around artifacts from OWASP ZAP, Burp Suite, HAR files, Docker, GitHub Actions, and Go-based CLI installation.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
authz0cliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-07
manager version1.1.2
manager updated
local dataok
upstreamcurrent
latest detectedv1.1.2

https://github.com/hahwul/authz0

  • infoNo package-manager update timestamp was available.low confidence

install metadata

Package metadata

Package keybrew:authz0
Version1.1.2
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/authz0
Homepagehttps://authz0.hahwul.com/
Repositoryhttps://github.com/hahwul/authz0
Upstream docshttps://authz0.hahwul.com/
LicenseMIT
Source archivehttps://github.com/hahwul/authz0/archive/refs/tags/v1.1.2.tar.gz
Build dependenciesgo
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameauthz0
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Nix95%

authz0

nix profile install nixpkgs#authz0
  • normalized package name match
  • Matched by: Authz0
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/au/authz0/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment