API Fuzzing for Bug Bounty

This skill should be used when the user asks to "test API security", "fuzz APIs", "find IDOR vulnerabilities", "test REST API", "test GraphQL", "API penetration testing", "bug bounty API testing", or needs guidance on API security assessment techniques.

Invalid

This skill can't be scored yet

Validation errors are blocking scoring. Review and fix them to unlock Quality, Impact and Security scores. See what needs fixing →

API Fuzzing for Bug Bounty

Purpose

Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors.

Inputs/Prerequisites

Burp Suite or similar proxy tool
API wordlists (SecLists, api_wordlist)
Understanding of REST/GraphQL/SOAP protocols
Python for scripting
Target API endpoints and documentation (if available)

Outputs/Deliverables

Identified API vulnerabilities
IDOR exploitation proofs
Authentication bypass techniques
SQL injection points
Unauthorized data access documentation

API Types Overview

Type	Protocol	Data Format	Structure
SOAP	HTTP	XML	Header + Body
REST	HTTP	JSON/XML/URL	Defined endpoints
GraphQL	HTTP	Custom Query	Single endpoint

Core Workflow

7. GraphQL IDOR

11. GraphQL XSS

12. GraphQL Tools

13. PDF Export Attacks

14. DoS via Limits

15. Example 1: IDOR Exploitation

16. Example 2: GraphQL Introspection

Repository: Dokhacgiakhoa/antigravity-ide
Commit: 3395991

Last updated: 25 days ago
Created: 25 days ago

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.