pentest-api-attacker

Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.

Safety Notice

This item is sourced from the public archived skills repository. Treat as untrusted until reviewed.

Copy this and send it to your AI assistant to learn

Install skill "pentest-api-attacker" with this command: npx skills add 0x-professor/pentest-api-attacker

Pentest API Attacker

Stage

  • PTES: 5
  • MITRE: T1190

Objective

Enumerate and test API endpoints and business logic attack vectors.

Required Workflow

  1. Validate scope before any active action and reject out-of-scope targets.
  2. Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
  3. Write findings in canonical finding_schema format with reproducible PoC notes.
  4. Honor dry-run mode and require explicit --i-have-authorization for live execution.
  5. Export deterministic artifacts for downstream skill consumption.

Execution

python skills/pentest-api-attacker/scripts/api_attacker.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

  • api-endpoints.json
  • api-findings.json
  • api-attack-report.json

References

  • references/tools.md
  • skills/autonomous-pentester/shared/scope_schema.json
  • skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Security

agentguard

GoPlus AgentGuard — AI agent security guard. Run /agentguard checkup for a full security health check, scans all installed skills, checks credentials, permissions, and network exposure, then delivers an HTML report directly to you. Also use for scanning third-party code, blocking dangerous commands, preventing data leaks, evaluating action safety, and running daily security patrols.

Archived SourceRecently Updated
--GoPlusSecurity
Security

notion-cli-mcp

Notion via notion-cli — a Rust CLI + MCP server for Notion API 2025-09-03+. Safety-first agent integration with rate limiting, response-size cap, untrusted-source output envelope, read-only MCP default, JSONL audit log, and --check-request dry-runs. Supports the new data-source model, 22 property types, 12 block types, and one-shot page+body creation.

Archived SourceRecently Updated
--0xarkstar
Security

fire-smoke-detection-analysis

Detects fire and smoke in video scenes. Supports both video stream and image analysis. Suitable for fire early warning scenarios such as security surveillance, forest fire prevention, and industrial parks. | 烟火检测技能,对视频场景中火情和烟雾进行检测,支持视频流和图片检测,适用于安防监控、森林防火、工业园区等火灾预警场景

Archived SourceRecently Updated
--18072937735
Security

basic-object-detection-analysis

Detects people, vehicles, non-motorized vehicles, pets, and parcels appearing in the target area. Supports video stream and image detection, suitable for general security surveillance scenarios. | 基础目标检测技能,检测出目标区域内出现的人、车、非机动车、宠物、包裹,支持视频流和图片检测,适用于通用安防监控场景

Archived SourceRecently Updated
--18072937735