What tools are recommended to use alongside this skill?

The skill references industry-standard tools including Burp Suite, Kiterunner, SecLists, InQL, and various specialized Python scripts for API discovery.

Can this skill help with IDOR or BOLA vulnerabilities?

Yes, it includes a dedicated section on Insecure Direct Object Reference (IDOR), covering bypass techniques like JSON wrapping, parameter pollution, and wildcard injection.

Does it provide support for GraphQL-specific attacks?

Absolutely. It covers GraphQL introspection, rate limit bypass via batching, nested query DoS attacks, and schema reconstruction tools like clairvoyance.

Can I use this for testing authenticated endpoints?

Yes, the skill includes specific workflows for testing authentication bypasses, JWT weaknesses, and comparing mobile vs. web API security controls.

What types of APIs does this skill support?

This skill supports REST, SOAP, and GraphQL APIs, providing specific testing patterns, reconnaissance methods, and exploitation techniques for each protocol.

API Security Fuzzing & Bug Bounty

Name: API Security Fuzzing & Bug Bounty
Author: claudiodearaujo

byclaudiodearaujo

보안 및 테스팅

Guides comprehensive security testing for REST, SOAP, and GraphQL APIs to identify vulnerabilities like IDOR and injection.

소개

This skill provides a specialized workflow for security professionals and developers to conduct deep-dive API penetration testing and bug bounty hunting. It covers the entire lifecycle of an assessment, from initial reconnaissance and endpoint enumeration to advanced exploitation techniques for IDOR (Insecure Direct Object Reference), SQL injection, and GraphQL-specific vulnerabilities. By integrating industry-standard tools and best practices, it helps users systematically uncover authentication bypasses, rate-limiting gaps, and sensitive data exposure across diverse API architectures.

주요 기능

Advanced IDOR and Broken Object Level Authorization (BOLA) testing patterns
Protocol-specific bypass techniques for 401/403 unauthorized errors
0 GitHub stars
Injection vulnerability detection for SQL, NoSQL, XXE, and Command Injection
Automated reconnaissance for Swagger/OpenAPI documentation and hidden endpoints
Comprehensive GraphQL security auditing including introspection and batching attacks

사용 사례

Performing automated security audits during the API development lifecycle
Hardening GraphQL endpoints against introspection and denial-of-service attacks
Conducting professional bug bounty hunting on modern web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill

GitHub

소개