Is this skill suitable for automated security scanning?

While it provides the commands and logic for tools like Kiterunner and Fuzzapi, it is designed to guide a manual or semi-automated expert assessment for higher accuracy.

What API types does this skill support?

This skill provides specific testing patterns and guidance for REST, SOAP, and GraphQL APIs, covering the unique architectural security risks of each.

Can I use this for GraphQL schema discovery?

Yes, it includes techniques for running introspection queries and guidance on using tools like Clairvoyance to reconstruct schemas when introspection is disabled.

How does this help with IDOR testing?

It includes a structured methodology for finding Insecure Direct Object References and provides bypass techniques such as JSON wrapping, parameter pollution, and array-based ID manipulation.

API Security & Fuzzing Specialist

Name: API Security & Fuzzing Specialist
Author: claudiodearaujo

byclaudiodearaujo

•

보안 및 테스팅

Guides comprehensive security assessments for REST, GraphQL, and SOAP APIs to identify vulnerabilities like IDOR, injection attacks, and authentication bypasses.

The API Fuzzing for Bug Bounty skill provides a professional-grade framework for performing deep security audits on modern web services. It empowers developers and security researchers to systematically discover API endpoints, test for Insecure Direct Object References (IDOR), and exploit complex vulnerabilities in GraphQL and REST architectures. By integrating reconnaissance workflows, injection testing patterns, and protocol-specific bypass techniques, this skill serves as an essential companion for bug bounty hunting and rigorous penetration testing engagements.

주요 기능

01Automated reconnaissance for Swagger, OpenAPI, and hidden endpoints

021 GitHub stars

03Advanced IDOR (BOLA) discovery and multi-vector bypass strategies

04Specialized GraphQL testing including introspection and schema reconstruction

05Comprehensive injection testing for SQL, XXE, and Command Injection in JSON/XML

06Multi-protocol support for REST, SOAP, and GraphQL security testing

사용 사례

01Executing bug bounty workflows to identify high-severity data leaks

02Conducting professional penetration tests on production API environments

03Auditing legacy and undocumented API versions for security regressions

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill