Performs authorized fuzzing of web applications and APIs to discover input validation failures, parser bugs, and stability issues. Use when testing HTTP endpoints, request parameters, payload handling, and error behavior under malformed or unexpected inputs.
95
92%
Does it follow best practices?
Impact
99%
1.41x
Average score across 3 eval scenarios
Risky
Do not use without reviewing
Fuzzing engagement plan and scope definition
In-scope endpoints defined: 100%, 100%
Auth contexts specified: 100%, 100%
Rate/concurrency ceilings: 30%, 100%
Timeout ceiling specified: 80%, 100%
Stop conditions defined: 100%, 100%
Parameter inventory breadth: 100%, 100%
File upload parameters included: 100%, 100%
Baseline valid requests: 100%, 100%
Mutation strategy dimensions: 100%, 100%
Low-and-slow execution approach: 20%, 100%
Tracking anomaly types: 50%, 100%
Output template compliance and evidence documentation
Scope and Configuration section: 60%, 100%
Rate/concurrency and stop conditions: 0%, 100%
Findings section present: 100%, 100%
Endpoint and trigger input per finding: 100%, 100%
Observed behavior and repro steps per finding: 100%, 100%
Security/availability impact per finding: 100%, 100%
Recommended fix per finding: 100%, 100%
Stability and Detection Notes section: 0%, 100%
Regression Test Cases section: 10%, 100%
Exact trigger payload preserved: 71%, 92%
True defects separated from expected failures: 100%, 100%
Triage classification and remediation recommendations
Defect vs. validation separation: 100%, 100%
Minimal payload preserved per defect: 0%, 100%
Input/schema validation hardening recommended: 100%, 100%
Parser or library update recommended: 100%, 100%
Safer defaults recommended: 100%, 100%
Regression test cases included: 0%, 100%
Expected safe behavior per regression case: 0%, 100%
Prevention guidance included: 80%, 100%
Exact request/response evidence: 30%, 100%
Security/availability impact stated: 100%, 100%
a8ff73a