api-fuzzing-for-bug-bounty

Featured

This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.

API & Backend 4,168 stars 408 forks Updated yesterday MIT

Install

View on GitHub

Quality Score: 96/100

Stars 20%
100
Recency 20%
100
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# API Fuzzing for Bug Bounty ## Purpose Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors. ## Inputs/Prerequisites - Burp Suite or similar proxy tool - API wordlists (SecLists, api_wordlist) - Understanding of REST/GraphQL/SOAP protocols - Python for scripting - Target API endpoints and documentation (if available) ## Outputs/Deliverables - Identified API vulnerabilities - IDOR exploitation proofs - Authentication bypass techniques - SQL injection points - Unauthorized data access documentation --- ## API Types Overview | Type | Protocol | Data Format | Structure | |------|----------|-------------|-----------| | SOAP | HTTP | XML | Header + Body | | REST | HTTP | JSON/XML/URL | Defined endpoints | | GraphQL | HTTP | Custom Query | Single endpoint | --- ## Core Workflow ### Step 1: API Reconnaissance Identify API type and enumerate endpoints: ```bash # Check for Swagger/OpenAPI documentation /swagger.json /openapi.json /api-docs /v1/api-docs /swagger-ui.html # Use Kiterunner for API discovery kr scan https://target.com -w routes-large.kite # Extract paths from Swagger python3 json2paths.py swagger.json ``` ### Step 2: Authentication Testing ```bash # Test different login paths /api/mobile/login /api/v3/login /api/magic_link /api/admin/login # Check rate limiting on aut...

Details

Author
zebbern
Repository
zebbern/claude-code-guide
Created
11 months ago
Last Updated
yesterday
Language
N/A
License
MIT

Integrates with

Anthropic · AI GraphQL · API REST API · API

Similar Skills

Semantically similar based on skill content — not just same category

Data & Documents Solid

bounty-hunter

A professional AI bounty hunter persona named Atlas. Use when seeking, evaluating, or executing paid tasks (bounties, freelance, bug hunting) to maximize profit while minimizing token costs and ensuring secure payouts.

282 Updated 3 months ago
1sadjlk
API & Backend Featured

firebase-apk-scanner

Scans Android APKs for Firebase security misconfigurations including open databases, storage buckets, authentication issues, and exposed cloud functions. Use when analyzing APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security. For authorized security research only.

5,389 Updated 1 weeks ago
trailofbits
API & Backend Solid

fhir-api

Expert guidance for implementing FHIR RESTful API servers and clients following the HL7 FHIR specification. Use this skill when implementing a FHIR server with REST endpoints, building a FHIR client, designing FHIR API routes and handlers, implementing FHIR operations (read, create, update, delete, search, history), working with FHIR bundles, batch requests, or transactions, handling FHIR content negotiation, headers, and versioning, or implementing conditional operations. Trigger keywords include "FHIR REST", "FHIR API", "FHIR server", "FHIR client", "FHIR endpoint", "FHIR operations", "RESTful FHIR", "implement FHIR".

127 Updated 3 days ago
aehrc
API & Backend Featured

api-doc-generator

Generate API documentation from source code, supporting REST APIs, GraphQL, and various documentation formats.

528 Updated today
JackyST0
DevOps & Infrastructure Listed

code-audit

Professional code security audit skill covering 55+ vulnerability types. Enhanced with WooYun 88,636 real-world vulnerability cases (2010-2016). This skill should be used when performing security audits, vulnerability scanning, penetration testing preparation, or code review for security issues. Supports 9 languages: Java, Python, Go, PHP, JavaScript/Node.js, C/C++, .NET/C#, Ruby, Rust. Includes 143 mandatory detection items across all languages with language-specific checklists. Covers SQL injection, XSS, RCE, deserialization, SSRF, JNDI injection, JDBC protocol injection, authentication bypass, business logic flaws, race conditions, and modern security domains (LLM, Serverless, Android). WooYun integration adds: statistical-driven parameter priority, bypass techniques library, logic vulnerability patterns, and real-case references. v1.0: Initial public release with Docker deployment verification framework.

704 Updated 3 months ago
3stoneBrother