api-fuzzing-for-bug-bounty
API Fuzzing for Bug Bounty
Overview
Fuzzing, authentication checks, and payload crafting expose the injection, IDOR, and method-tampering gaps that bug bounty programs prize.
When to Use
- Testing REST, SOAP, GraphQL, or proprietary APIs for vulnerabilities under bug bounty or red-team timelines.
- Documenting exploits that hinge on IDOR/BOLA, authentication bypasses, SSRF, SQL/command injection, or rate-limit bypass.
- Automating endpoint coverage with tooling (Burp, Kiterunner, GraphQLmap) and reusable wordlists.
When NOT to Use
- Pure UI testing without significant API interaction.
- Static API documentation review that does not involve direct endpoint interaction.
- General network or infrastructure assessments that focus on routers, firewalls, or OSI layers outside the API plane.
Purpose
Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors.
More from aleister1102/skills
codeql
>-
26ffuf-web-fuzzing
Expert guidance for ffuf web fuzzing during penetration testing, including authenticated fuzzing with raw requests, auto-calibration, and result analysis
24brainstorming
You MUST use this before any creative work - creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements and design before implementation.
24prompt-optimizer
Transform vague prompts into precise, well-structured specifications using EARS (Easy Approach to Requirements Syntax) methodology. This skill should be used when users provide loose requirements, ambiguous feature descriptions, or need to enhance prompts for AI-generated code, products, or documents. Triggers include requests to "optimize my prompt", "improve this requirement", "make this more specific", or when raw requirements lack detail and structure.
24skill-creator
Create new skills, modify and improve existing skills, and measure skill performance. Use when users want to create a skill from scratch, update or optimize an existing skill, run evals to test a skill, benchmark skill performance with variance analysis, or optimize a skill's description for better triggering accuracy.
23semgrep
>-
23