Can this skill help find IDOR vulnerabilities?

Yes, it includes detailed workflows and specific payloads for identifying Insecure Direct Object References and various techniques to bypass authorization checks.

Is this skill suitable for professional penetration testers?

Yes, it is designed for both bug bounty hunters and professional security researchers looking to automate or guide their API assessment and exploitation workflows.

What tools are recommended by this skill?

It references industry-standard security tools such as Burp Suite, Kiterunner, SecLists, InQL, and GraphCrawler to facilitate professional-grade API assessments.

What is the API Fuzzing skill for Claude Code?

It is a specialized capability that enables Claude to provide expert guidance on testing API security, identifying vulnerabilities like IDOR or SQLi, and performing bug bounty research.

Does it support GraphQL security testing?

Absolutely. The skill covers GraphQL-specific attack vectors including introspection queries, batching for rate-limit bypass, and nested query DoS attacks.

API Security Fuzzing & Bug Bounty

Name: API Security Fuzzing & Bug Bounty
Author: sickn33

bysickn33

•

2,292

•

Security & Testing

Conducts comprehensive API security assessments and vulnerability discovery using industry-standard fuzzing and exploitation techniques.

This skill equips Claude with a specialized knowledge base for identifying and exploiting security flaws in REST, SOAP, and GraphQL APIs. It provides actionable workflows for reconnaissance, authentication testing, and the discovery of high-impact vulnerabilities like IDOR, SQL injection, XXE, and SSRF. Designed for bug bounty hunters and penetration testers, it includes advanced bypass techniques for authorization controls and a comprehensive directory of professional security tools to streamline the auditing process.

Key Features

01Specialized GraphQL security audits including schema introspection and batching

02Comprehensive API reconnaissance and endpoint enumeration workflows

03Injection vulnerability detection for SQL, Command, XXE, and SSRF

042,292 GitHub stars

05Deep-dive IDOR (Insecure Direct Object Reference) testing and bypass strategies

06HTTP method tampering and 403/401 endpoint bypass techniques

Use Cases

01Auditing GraphQL schemas for introspection vulnerabilities and nested query Denial of Service risks

02Testing API authentication mechanisms for rate-limiting bypasses and credential stuffing vulnerabilities

03Identifying unauthorized data access points in production REST APIs during a bug bounty engagement

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add sickn33/antigravity-awesome-skills api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill