What security tools are integrated into the workflow?

The skill references industry-standard tools such as Burp Suite, Kiterunner, SecLists, InQL, and various specialized API and GraphQL fuzzers.

Does it provide guidance for GraphQL-specific attacks?

Absolutely. It covers introspection queries, schema reconstruction, rate limit bypass via batching, and nested query Denial of Service (DoS) attacks.

Can this skill help find IDOR vulnerabilities?

Yes, it includes specialized sections for Insecure Direct Object Reference (IDOR) testing, including bypass techniques like parameter pollution and JSON wrapping.

What API protocols does this skill support?

The skill provides comprehensive testing techniques for REST, SOAP, and GraphQL protocols, including specific data formats like JSON and XML.

API Security & Fuzzing Specialist

Name: API Security & Fuzzing Specialist
Author: claudiodearaujo

byclaudiodearaujo

•

安全与测试

Conducts comprehensive security assessments and fuzzing across REST, SOAP, and GraphQL APIs to identify vulnerabilities like IDOR and injection.

This skill provides Claude with expert-level guidance for performing deep security audits and penetration testing on modern web APIs. It covers the entire testing lifecycle, from automated reconnaissance and endpoint discovery to advanced exploitation techniques for IDOR, BOLA, and various injection vectors. Whether you are a bug bounty hunter or a security engineer, this skill streamlines the process of finding critical flaws in JSON/XML payloads, bypassing authentication, and auditing complex GraphQL schemas using industry-standard methodologies and toolsets.

主要功能

01Automated reconnaissance workflows for hidden endpoint discovery

021 GitHub stars

03Advanced IDOR and Broken Object Level Authorization (BOLA) bypass patterns

04GraphQL-specific vulnerability scanning including introspection and batching attacks

05Injection testing strategies for SQLi, XXE, SSRF, and Command Execution

06Multi-protocol support for REST, SOAP, and GraphQL security testing

使用场景

01Performing professional bug bounty hunting on target web application APIs

02Identifying authorization bypasses and sensitive data exposure in production environments

03Conducting pre-deployment security audits for REST and GraphQL services

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill