What tools are recommended to use alongside this skill?

The skill references industry-standard tools including Burp Suite, Kiterunner, SecLists, InQL, and various specialized Python scripts for API discovery.

Can this skill help with IDOR or BOLA vulnerabilities?

Yes, it includes a dedicated section on Insecure Direct Object Reference (IDOR), covering bypass techniques like JSON wrapping, parameter pollution, and wildcard injection.

Does it provide support for GraphQL-specific attacks?

Absolutely. It covers GraphQL introspection, rate limit bypass via batching, nested query DoS attacks, and schema reconstruction tools like clairvoyance.

Can I use this for testing authenticated endpoints?

Yes, the skill includes specific workflows for testing authentication bypasses, JWT weaknesses, and comparing mobile vs. web API security controls.

What types of APIs does this skill support?

This skill supports REST, SOAP, and GraphQL APIs, providing specific testing patterns, reconnaissance methods, and exploitation techniques for each protocol.

API Security Fuzzing & Bug Bounty

Name: API Security Fuzzing & Bug Bounty
Author: claudiodearaujo

byclaudiodearaujo

0•

보안 및 테스팅

Guides comprehensive security testing for REST, SOAP, and GraphQL APIs to identify vulnerabilities like IDOR and injection.

This skill provides a specialized workflow for security professionals and developers to conduct deep-dive API penetration testing and bug bounty hunting. It covers the entire lifecycle of an assessment, from initial reconnaissance and endpoint enumeration to advanced exploitation techniques for IDOR (Insecure Direct Object Reference), SQL injection, and GraphQL-specific vulnerabilities. By integrating industry-standard tools and best practices, it helps users systematically uncover authentication bypasses, rate-limiting gaps, and sensitive data exposure across diverse API architectures.

주요 기능

01Advanced IDOR and Broken Object Level Authorization (BOLA) testing patterns

02Protocol-specific bypass techniques for 401/403 unauthorized errors

030 GitHub stars

04Injection vulnerability detection for SQL, NoSQL, XXE, and Command Injection

05Automated reconnaissance for Swagger/OpenAPI documentation and hidden endpoints

06Comprehensive GraphQL security auditing including introspection and batching attacks

사용 사례

01Performing automated security audits during the API development lifecycle

02Hardening GraphQL endpoints against introspection and denial-of-service attacks

03Conducting professional bug bounty hunting on modern web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

주요 기능

01Advanced IDOR and Broken Object Level Authorization (BOLA) testing patterns

02Protocol-specific bypass techniques for 401/403 unauthorized errors

030 GitHub stars

04Injection vulnerability detection for SQL, NoSQL, XXE, and Command Injection

05Automated reconnaissance for Swagger/OpenAPI documentation and hidden endpoints

06Comprehensive GraphQL security auditing including introspection and batching attacks

사용 사례

01Performing automated security audits during the API development lifecycle

02Hardening GraphQL endpoints against introspection and denial-of-service attacks

03Conducting professional bug bounty hunting on modern web applications

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro-front api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT