Is this skill suitable for automated security scanning?

It is designed to guide manual and semi-automated testing, providing commands for industry tools like Kiterunner, Burp Suite, and various GraphQL exploitation toolkits.

How does it handle GraphQL-specific security?

The skill covers introspection query abuse, schema reconstruction with tools like Clairvoyance, and rate limit bypasses through mutation batching.

Can this skill help identify IDOR vulnerabilities?

Yes, it includes advanced bypass techniques such as array wrapping, wildcard injection, and parameter pollution to test for Insecure Direct Object References.

What API types does this skill support?

It provides specialized testing techniques for REST, SOAP, and GraphQL architectures, including specific data formats like JSON and XML.

API Fuzzing & Bug Bounty Security

Name: API Fuzzing & Bug Bounty Security
Author: boisenoise

byboisenoise

0•

Security & Testing

Performs comprehensive API security assessments using advanced fuzzing, IDOR exploitation, and GraphQL vulnerability discovery techniques.

This skill equips Claude with expert-level security research capabilities for auditing REST, SOAP, and GraphQL APIs. It provides structured workflows for reconnaissance, authentication bypass, and the discovery of critical vulnerabilities like Broken Object Level Authorization (BOLA/IDOR), SQL injection, and SSRF. Designed for bug bounty hunters and penetration testers, the skill offers specific payloads for modern API architectures, guidance on bypassing rate limits through batching, and techniques for reconstructing schemas when introspection is disabled.

Key Features

01Comprehensive GraphQL security testing for introspection, batching, and DoS.

02Automated API reconnaissance for Swagger, OpenAPI, and hidden endpoints.

03Payload generation for SQLi, XXE, SSRF, and command injection within API contexts.

04Method tampering and content-type switching for bypass testing.

05Advanced IDOR/BOLA bypass techniques including JSON wrapping and parameter pollution.

060 GitHub stars

Use Cases

01Testing GraphQL endpoints for unauthorized data exposure and introspection vulnerabilities.

02Identifying and bypassing authentication controls on undocumented mobile API backends.

03Executing a systematic security audit of a production REST API for a bug bounty program.

What are Skills?·How to Install

Install with 🐟 Skill.Fish

npx skillfish add boisenoise/skills-collections antigravity-api-fuzzing-bug-bounty

For use in Claude.ai and ChatGPT

Download Skill