Can it test for Server-Side Request Forgery (SSRF)?

Absolutely; the skill includes payloads targeting internal services and cloud metadata endpoints for AWS, GCP, and Azure to identify SSRF risks.

Is this skill safe to use on production APIs?

No, injection testing can modify or destroy production data. It should only be used in isolated test environments with explicit written authorization.

Does it work with JSON-based NoSQL databases?

Yes, it specifically includes NoSQL injection workflows for MongoDB, targeting operator injection in JSON request bodies.

Does this skill support automated SQL injection detection?

Yes, it includes specialized payloads for detecting Union-based, Error-based, and Time-based SQL injection across various database backends like MySQL, PostgreSQL, and SQLite.

API Injection Vulnerability Tester

Name: API Injection Vulnerability Tester
Author: mukul975

bymukul975

•

4,121

•

Security & Testing

Tests API endpoints for injection vulnerabilities like SQL, NoSQL, and SSRF to ensure robust input validation and data protection.

This skill empowers developers and security testers to systematically identify and exploit common API injection vulnerabilities, including SQL, NoSQL, OS Command injection, and Server-Side Request Forgery (SSRF). By automating the discovery of injection points across path parameters, query strings, headers, and JSON bodies, it helps validate input sanitization and secure backend data interactions. Mapped to OWASP API Security Top 10 standards, it provides structured workflows for detection and proof-of-concept exploitation in authorized testing environments.

Key Features

01Comprehensive SQL injection testing covering Union-based, Error-based, and Time-based techniques

024,121 GitHub stars

03Automated identification of injection points in path, query, and body parameters

04SSRF detection targeting cloud metadata services (AWS, GCP, Azure) and internal protocols

05Specialized NoSQL injection payloads for MongoDB operator and regex-based bypasses

06Real-time monitoring of response time and content indicators to confirm vulnerabilities

Use Cases

01Automating security assessments during the development lifecycle to catch injection flaws early

02Performing authorized penetration tests to identify data exfiltration risks in API infrastructures

03Validating the effectiveness of Web Application Firewalls (WAF) and input validation logic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills exploiting-api-injection-vulnerabilities

For use in Claude.ai and ChatGPT

Key Features

01Comprehensive SQL injection testing covering Union-based, Error-based, and Time-based techniques

024,121 GitHub stars

03Automated identification of injection points in path, query, and body parameters

04SSRF detection targeting cloud metadata services (AWS, GCP, Azure) and internal protocols

05Specialized NoSQL injection payloads for MongoDB operator and regex-based bypasses

06Real-time monitoring of response time and content indicators to confirm vulnerabilities

Use Cases

01Automating security assessments during the development lifecycle to catch injection flaws early

02Performing authorized penetration tests to identify data exfiltration risks in API infrastructures

03Validating the effectiveness of Web Application Firewalls (WAF) and input validation logic

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add mukul975/anthropic-cybersecurity-skills exploiting-api-injection-vulnerabilities

For use in Claude.ai and ChatGPT