Can this skill test both REST and GraphQL APIs?

Yes, it contains specific workflows and payloads for REST, SOAP, and GraphQL, including introspection and batching attack patterns.

How does it handle GraphQL introspection?

It provides specific queries to fetch backend schemas and suggests tools like Clairvoyance for schema reconstruction if introspection is disabled.

Do I need external tools to use this skill effectively?

While the skill provides the logic and techniques, it recommends integrating with tools like Burp Suite, Kiterunner, and SecLists for professional engagements.

What types of vulnerabilities can I find using this skill?

It targets high-impact vulnerabilities such as IDOR, SQL injection, XXE, SSRF, authentication bypass, and insecure API configurations.

API Security & Bug Bounty Fuzzing

Name: API Security & Bug Bounty Fuzzing
Author: claudiodearaujo

byclaudiodearaujo

0•

安全与测试

Conducts comprehensive security assessments and vulnerability discovery for REST, SOAP, and GraphQL APIs.

The API Fuzzing for Bug Bounty skill provides developers and security researchers with a specialized framework for identifying critical vulnerabilities in web APIs. It guides the user through complex testing workflows including API reconnaissance, authentication bypass attempts, and advanced exploitation techniques like IDOR and GraphQL-specific attacks. Whether you are performing a professional penetration test or hunting for bug bounties, this skill provides the patterns, payloads, and tool recommendations necessary to identify and document high-impact security flaws across various protocols.

主要功能

01GraphQL-specific exploitation including introspection and batching attacks

02Advanced IDOR (Insecure Direct Object Reference) detection and bypass patterns

03Comprehensive endpoint reconnaissance for Swagger and OpenAPI documentation

04Automated injection testing logic for SQLi, Command Injection, XXE, and SSRF

05Multi-protocol support for REST, SOAP, and GraphQL security testing

060 GitHub stars

使用场景

01Performing automated security audits on production-grade API endpoints

02Hardening backend services against injection attacks and rate-limiting bypasses

03Identifying unauthorized data access through systematic IDOR and BOLA testing

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/izacenter api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill