Is this skill suitable for automated security scanning?

It is designed to guide manual and semi-automated testing, providing commands for industry tools like Kiterunner, Burp Suite, and various GraphQL exploitation toolkits.

How does it handle GraphQL-specific security?

The skill covers introspection query abuse, schema reconstruction with tools like Clairvoyance, and rate limit bypasses through mutation batching.

Can this skill help identify IDOR vulnerabilities?

Yes, it includes advanced bypass techniques such as array wrapping, wildcard injection, and parameter pollution to test for Insecure Direct Object References.

What API types does this skill support?

It provides specialized testing techniques for REST, SOAP, and GraphQL architectures, including specific data formats like JSON and XML.

API Fuzzing & Bug Bounty Security

Name: API Fuzzing & Bug Bounty Security
Author: boisenoise

byboisenoise

セキュリティとテスト

Performs comprehensive API security assessments using advanced fuzzing, IDOR exploitation, and GraphQL vulnerability discovery techniques.

概要

This skill equips Claude with expert-level security research capabilities for auditing REST, SOAP, and GraphQL APIs. It provides structured workflows for reconnaissance, authentication bypass, and the discovery of critical vulnerabilities like Broken Object Level Authorization (BOLA/IDOR), SQL injection, and SSRF. Designed for bug bounty hunters and penetration testers, the skill offers specific payloads for modern API architectures, guidance on bypassing rate limits through batching, and techniques for reconstructing schemas when introspection is disabled.

主な機能

Comprehensive GraphQL security testing for introspection, batching, and DoS.
Automated API reconnaissance for Swagger, OpenAPI, and hidden endpoints.
Payload generation for SQLi, XXE, SSRF, and command injection within API contexts.
Method tampering and content-type switching for bypass testing.
Advanced IDOR/BOLA bypass techniques including JSON wrapping and parameter pollution.
0 GitHub stars

ユースケース

Testing GraphQL endpoints for unauthorized data exposure and introspection vulnerabilities.
Identifying and bypassing authentication controls on undocumented mobile API backends.
Executing a systematic security audit of a production REST API for a bug bounty program.

概要

主な機能

Comprehensive GraphQL security testing for introspection, batching, and DoS.
Automated API reconnaissance for Swagger, OpenAPI, and hidden endpoints.
Payload generation for SQLi, XXE, SSRF, and command injection within API contexts.
Method tampering and content-type switching for bypass testing.
Advanced IDOR/BOLA bypass techniques including JSON wrapping and parameter pollution.
0 GitHub stars

ユースケース

Testing GraphQL endpoints for unauthorized data exposure and introspection vulnerabilities.
Identifying and bypassing authentication controls on undocumented mobile API backends.
Executing a systematic security audit of a production REST API for a bug bounty program.