Does this skill work with any API?

Yes, it is designed to test RESTful and other web APIs by analyzing headers, query strings, path parameters, and JSON or XML request bodies.

What types of injection does this skill test for?

The skill tests for SQL injection, NoSQL injection, OS command injection, LDAP injection, and Server-Side Request Forgery (SSRF) through various API input points.

Is this skill safe for production environments?

No, injection testing can modify, delete, or destroy data. It should only be used in isolated test environments with explicit written authorization.

How does it identify vulnerabilities?

It uses a combination of error-based, time-based, and union-based detection techniques to find weaknesses in how backend systems process API input.

API Injection Security Tester

Name: API Injection Security Tester
Author: micsapp

bymicsapp

0•

Security & Testing

Tests and identifies critical injection vulnerabilities in APIs, covering SQL, NoSQL, SSRF, and command injection vectors.

This skill empowers security professionals and developers to proactively identify and validate injection vulnerabilities across API endpoints. It provides automated testing workflows for various injection vectors, including SQL injection, NoSQL operator injection, and Server-Side Request Forgery (SSRF), mapping directly to OWASP API Security Top 10 risks (API7:2023 and API8:2023). By simulating realistic attack patterns through headers, parameters, and request bodies, it helps ensure that API input validation and data handling are robust against sophisticated exploits in both SQL and NoSQL database environments.

Key Features

01Specialized NoSQL injection testing for MongoDB and document stores

020 GitHub stars

03Direct mapping to OWASP API Security Top 10 standards

04Multi-point analysis covering headers, path parameters, and JSON bodies

05Automated SQL injection detection for MySQL, PostgreSQL, and SQLite

06Comprehensive SSRF testing targeting cloud metadata and internal services

Use Cases

01Validating input sanitization and parameterized query implementations

02Conducting automated security audits during the API development lifecycle

03Testing internal-facing APIs for potential SSRF and data exfiltration risks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills exploiting-api-injection-vulnerabilities

For use in Claude.ai and ChatGPT

Key Features

01Specialized NoSQL injection testing for MongoDB and document stores

020 GitHub stars

03Direct mapping to OWASP API Security Top 10 standards

04Multi-point analysis covering headers, path parameters, and JSON bodies

05Automated SQL injection detection for MySQL, PostgreSQL, and SQLite

06Comprehensive SSRF testing targeting cloud metadata and internal services

Use Cases

01Validating input sanitization and parameterized query implementations

02Conducting automated security audits during the API development lifecycle

03Testing internal-facing APIs for potential SSRF and data exfiltration risks

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add micsapp/micstec-skills exploiting-api-injection-vulnerabilities

For use in Claude.ai and ChatGPT