Does it help with discovering hidden API endpoints?

Yes, it includes reconnaissance steps for finding Swagger/OpenAPI documentation, historical endpoints via archive.org, and using discovery tools like Kiterunner.

Does this skill support GraphQL security testing?

Yes, it includes specialized techniques for GraphQL introspection, schema reconstruction, batching attacks, and nested query denial-of-service testing.

Can I use this to find IDOR vulnerabilities?

Absolutely. The skill provides multiple IDOR and BOLA bypass patterns, including JSON wrapping, parameter pollution, and wildcard injection.

Can this skill help bypass 403 Forbidden errors?

It includes several endpoint bypass techniques such as path traversal, header manipulation, and extension appending to test for misconfigured access controls.

What API protocols are covered?

The toolkit provides specific guidance and testing workflows for REST, SOAP, and GraphQL APIs.

API Fuzzing & Bug Bounty Toolkit

Name: API Fuzzing & Bug Bounty Toolkit
Author: claudiodearaujo

byclaudiodearaujo

•

Seguridad y Pruebas

Guides comprehensive API security testing and vulnerability discovery across REST, GraphQL, and SOAP architectures.

This skill provides a specialized framework for security researchers and developers to perform deep API penetration testing and bug bounty hunting. It covers the entire security assessment lifecycle, from automated reconnaissance and endpoint enumeration to advanced exploitation of IDOR, SQL injection, and XXE. With dedicated modules for GraphQL-specific attacks like introspection abuse and query batching, this skill helps identify critical authorization flaws and data exposures that standard scanners often miss.

Características Principales

01Comprehensive injection testing for SQL, Command, XXE, and SSRF vulnerabilities

02Automated API reconnaissance and endpoint discovery for REST and GraphQL

03Authentication bypass and rate-limit testing techniques

041 GitHub stars

05Advanced IDOR and BOLA (Broken Object Level Authorization) bypass patterns

06Specialized GraphQL security auditing including introspection and DoS testing

Casos de Uso

01Systematic vulnerability hunting for bug bounty programs

02Validating authorization controls and identifying unauthorized data access points

03Conducting security audits on production-grade REST and GraphQL APIs

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill