Does it provide GraphQL-specific security checks?

Absolutely. It covers introspection queries, schema reconstruction with tools like Clairvoyance, and batching attacks to bypass rate limits.

What types of APIs does this skill support?

The skill provides specialized testing techniques for REST, SOAP, and GraphQL APIs, covering protocol-specific vulnerabilities for each.

What tools are integrated into the workflow?

The skill provides guidance for using industry-standard tools like Burp Suite, Kiterunner, SecLists, and various GraphQL-specific scanners like graphw00f.

Can this skill help with IDOR (BOLA) testing?

Yes, it includes multiple bypass techniques such as array wrapping, JSON nesting, and parameter pollution to test for Insecure Direct Object References.

API Security & Fuzzing Specialist

Name: API Security & Fuzzing Specialist
Author: claudiodearaujo

byclaudiodearaujo

•

安全与测试

Conducts comprehensive security audits and fuzzing on REST, SOAP, and GraphQL APIs to identify vulnerabilities like IDOR and injection.

This skill transforms Claude into a specialized penetration testing assistant focused on modern API architectures. It provides structured workflows for reconnaissance, deep-dive vulnerability testing for Broken Object Level Authorization (BOLA/IDOR), and protocol-specific attacks for GraphQL and SOAP. Whether you are a bug bounty hunter or a security engineer, this skill offers actionable payloads, bypass techniques, and tool recommendations to ensure a robust security posture for your web and mobile endpoints.

主要功能

01Injection testing workflows for SQLi, NoSQLi, Command Injection, and XXE.

02Comprehensive GraphQL security auditing including introspection and batching attacks.

03HTTP method tampering and endpoint bypass strategies for 403/401 error codes.

041 GitHub stars

05Advanced IDOR and BOLA exploitation techniques using JSON wrapping and parameter pollution.

06Multi-protocol reconnaissance for REST, SOAP, and GraphQL discovery.

使用场景

01Testing mobile and web backend APIs for broken authentication and unauthorized data access.

02Automating API reconnaissance and hidden endpoint discovery during bug bounty hunting.

03Performing deep-schema analysis and rate-limit testing on GraphQL endpoints.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add claudiodearaujo/sistema-de-narra-o-de-livro api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill