Can this skill test GraphQL APIs specifically?

Yes, it includes specialized techniques for GraphQL, such as introspection query exploitation, schema reconstruction using Clairvoyance, and testing for nested query Denial of Service (DoS).

API fuzzing is a testing technique that involves sending unexpected, invalid, or random data to API endpoints to identify security vulnerabilities, logic flaws, and potential crashes.

What common vulnerabilities does this skill help identify?

It focuses on critical API flaws including Insecure Direct Object Reference (IDOR), Broken Object Level Authorization (BOLA), SQL injection in JSON/XML, SSRF, and XXE.

Does this skill work with external security tools?

Yes, it is designed to complement tools like Burp Suite, Kiterunner, and various GraphQL security scanners by providing the logic and payloads needed for manual and automated testing.

API Security & Fuzzing Specialist

Name: API Security & Fuzzing Specialist
Author: claudiodearaujo

byclaudiodearaujo

0•

Seguridad y Pruebas

Automates and guides API security assessments to identify vulnerabilities like IDOR, injection, and authentication bypasses in REST, SOAP, and GraphQL interfaces.

This skill transforms Claude into a specialized security researcher focused on API penetration testing and bug bounty hunting. It provides comprehensive workflows for reconnaissance, automated fuzzing, and manual exploitation of common API vulnerabilities across various protocols. Whether you are testing for Broken Object Level Authorization (BOLA), exploiting GraphQL introspection, or bypassing rate limits, this skill offers the specific payloads, tool recommendations, and logic required to secure modern web backends and discover critical security flaws during the development or auditing process.

Características Principales

01Authentication and rate-limit bypass strategies for mobile and web APIs.

020 GitHub stars

03Advanced IDOR and BOLA bypass technique library for data privacy testing.

04Multi-protocol injection testing for SQL, XXE, SSRF, and Command Injection.

05Specialized GraphQL security testing including introspection and batching attacks.

06Comprehensive reconnaissance for Swagger, OpenAPI, and hidden API endpoints.

Casos de Uso

01Conducting deep security audits of REST, SOAP, or GraphQL production APIs.

02Executing structured bug bounty hunting workflows to find high-severity vulnerabilities.

03Verifying API security controls and input validation during the development lifecycle.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill

Características Principales

01Authentication and rate-limit bypass strategies for mobile and web APIs.

020 GitHub stars

03Advanced IDOR and BOLA bypass technique library for data privacy testing.

04Multi-protocol injection testing for SQL, XXE, SSRF, and Command Injection.

05Specialized GraphQL security testing including introspection and batching attacks.

06Comprehensive reconnaissance for Swagger, OpenAPI, and hidden API endpoints.

Casos de Uso

01Conducting deep security audits of REST, SOAP, or GraphQL production APIs.

02Executing structured bug bounty hunting workflows to find high-severity vulnerabilities.

03Verifying API security controls and input validation during the development lifecycle.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill