api fuzzing for bug bounty

📁 dokhacgiakhoa/antigravity-ide 📅 Jan 1, 1970

总安装量

周安装量

#77988

全站排名

安装命令

npx skills add https://github.com/dokhacgiakhoa/antigravity-ide --skill 'API Fuzzing for Bug Bounty'

Skill 文档

API Fuzzing for Bug Bounty

Purpose

Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors.

Inputs/Prerequisites

Burp Suite or similar proxy tool
API wordlists (SecLists, api_wordlist)
Understanding of REST/GraphQL/SOAP protocols
Python for scripting
Target API endpoints and documentation (if available)

Outputs/Deliverables

Identified API vulnerabilities
IDOR exploitation proofs
Authentication bypass techniques
SQL injection points
Unauthorized data access documentation

API Types Overview

Type	Protocol	Data Format	Structure
SOAP	HTTP	XML	Header + Body
REST	HTTP	JSON/XML/URL	Defined endpoints
GraphQL	HTTP	Custom Query	Single endpoint

Core Workflow

ð§ Knowledge Modules (Fractal Skills)

1. Step 1: API Reconnaissance

2. Step 2: Authentication Testing

3. Step 3: IDOR Testing

4. Step 4: Injection Testing

5. Step 5: Method Testing

6. Introspection Query

7. GraphQL IDOR

8. GraphQL SQL/NoSQL Injection

9. Rate Limit Bypass (Batching)

10. GraphQL DoS (Nested Queries)

11. GraphQL XSS

12. GraphQL Tools

13. PDF Export Attacks

14. DoS via Limits

15. Example 1: IDOR Exploitation

16. Example 2: GraphQL Introspection

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台