Can I target specific parameters for testing?

Yes, you can specify exactly which parameters, headers, or endpoints you want Claude to focus on for more granular and efficient testing.

What types of vulnerabilities can this skill find?

The API Fuzzer is designed to identify SQL injection, Cross-Site Scripting (XSS), command injection, and various input validation failures.

Does it require external tools?

This skill utilizes built-in capabilities like Bash and Grep to interact with APIs and analyze results, meaning it can function within your standard Claude Code environment.

How do I trigger the fuzzing process?

You can trigger the skill by using the `/fuzz-api` command or by requesting a security analysis of a specific API endpoint.

Is it safe to run this on production APIs?

Fuzz testing involves sending malformed data that can cause unexpected behavior or crashes; it is strongly recommended to use this skill in development or staging environments.

API Fuzzer

Name: API Fuzzer
Author: BbgnsurfTech

byBbgnsurfTech

•

セキュリティとテスト

Performs automated fuzz testing on REST APIs to identify security vulnerabilities, input validation flaws, and edge-case failures.

The API Fuzzer skill empowers Claude to proactively secure applications by conducting rigorous automated testing against REST API endpoints. By generating and injecting diverse sets of malformed inputs, boundary values, and malicious payloads, the skill identifies critical vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), and command injection before they can be exploited. It is an essential tool for developers and security engineers looking to automate robustness testing and ensure high-standard input validation within their local development environments or security audits.

主な機能

01Boundary value and malformed data testing for robust input validation

02Support for custom payloads and specific endpoint targeting

03Command-line integration via the /fuzz-api command

041 GitHub stars

05Automated payload generation for SQL injection and XSS detection

06Real-time analysis of API responses to identify crashes and anomalies

ユースケース

01Auditing a legacy API for undiscovered security vulnerabilities

02Detecting potential memory leaks or crashes caused by unexpected data types

03Stress-testing new endpoints for input validation failures during development

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add bbgnsurftech/claude-skills-collection api-fuzzer

For use in Claude.ai and ChatGPT

Download Skill