Pentest API Deep

Purpose

Perform dedicated API-specific vulnerability testing beyond basic BOLA/GraphQL coverage. Addresses Broken Function Level Authorization (BFLA), mass assignment, rate limiting, excessive data exposure, and unsafe consumption per OWASP API Security Top 10 (2023).

Prerequisites

Authorization Requirements

  • Written authorization with API testing scope explicitly included
  • API documentation (OpenAPI/Swagger specs, GraphQL schema) if available
  • Test accounts at multiple privilege levels (user, admin, service account)
  • Rate limit awareness — confirm acceptable request volume with target owner

Environment Setup

  • Postman or Insomnia for manual API exploration
  • Burp Suite with API-specific extensions
  • GraphQL Voyager for schema visualization
  • grpcurl for gRPC service testing

Installs: 65 | GitHub Stars: 281 | First Seen: Feb 18, 2026
Source: pentest-api-deep — jd-opensource/joysafeter