Can this skill help find IDOR vulnerabilities?

Yes, it includes detailed workflows and specific payloads for identifying Insecure Direct Object References and various techniques to bypass authorization checks.

Is this skill suitable for professional penetration testers?

Yes, it is designed for both bug bounty hunters and professional security researchers looking to automate or guide their API assessment and exploitation workflows.

What tools are recommended by this skill?

It references industry-standard security tools such as Burp Suite, Kiterunner, SecLists, InQL, and GraphCrawler to facilitate professional-grade API assessments.

What is the API Fuzzing skill for Claude Code?

It is a specialized capability that enables Claude to provide expert guidance on testing API security, identifying vulnerabilities like IDOR or SQLi, and performing bug bounty research.

Does it support GraphQL security testing?

Absolutely. The skill covers GraphQL-specific attack vectors including introspection queries, batching for rate-limit bypass, and nested query DoS attacks.

API Security Fuzzing & Bug Bounty

Name: API Security Fuzzing & Bug Bounty
Author: sickn33

bysickn33

•

2,292

Seguridad y Pruebas

Conducts comprehensive API security assessments and vulnerability discovery using industry-standard fuzzing and exploitation techniques.

Acerca de

This skill equips Claude with a specialized knowledge base for identifying and exploiting security flaws in REST, SOAP, and GraphQL APIs. It provides actionable workflows for reconnaissance, authentication testing, and the discovery of high-impact vulnerabilities like IDOR, SQL injection, XXE, and SSRF. Designed for bug bounty hunters and penetration testers, it includes advanced bypass techniques for authorization controls and a comprehensive directory of professional security tools to streamline the auditing process.

Características Principales

Specialized GraphQL security audits including schema introspection and batching
Comprehensive API reconnaissance and endpoint enumeration workflows
Injection vulnerability detection for SQL, Command, XXE, and SSRF
2,292 GitHub stars
Deep-dive IDOR (Insecure Direct Object Reference) testing and bypass strategies
HTTP method tampering and 403/401 endpoint bypass techniques

Casos de Uso

Auditing GraphQL schemas for introspection vulnerabilities and nested query Denial of Service risks
Testing API authentication mechanisms for rate-limiting bypasses and credential stuffing vulnerabilities
Identifying unauthorized data access points in production REST APIs during a bug bounty engagement

Acerca de

Características Principales

Specialized GraphQL security audits including schema introspection and batching
Comprehensive API reconnaissance and endpoint enumeration workflows
Injection vulnerability detection for SQL, Command, XXE, and SSRF
2,292 GitHub stars
Deep-dive IDOR (Insecure Direct Object Reference) testing and bypass strategies
HTTP method tampering and 403/401 endpoint bypass techniques

Casos de Uso

Auditing GraphQL schemas for introspection vulnerabilities and nested query Denial of Service risks
Testing API authentication mechanisms for rate-limiting bypasses and credential stuffing vulnerabilities
Identifying unauthorized data access points in production REST APIs during a bug bounty engagement