Summary
This is a focused template for API security testing during bug bounty hunts. It covers fuzzing REST, SOAP, and GraphQL endpoints with techniques for finding authentication bypasses, IDOR vulnerabilities, and API-specific attack vectors. You'll need Burp Suite, wordlists like SecLists, and basic Python scripting skills. Originally from sickn33's antigravity collection and now maintained by davila7, it passed Gen Agent Trust Hub's audit but got warnings from Socket and failed Snyk's checks. If you're actively hunting for API bugs and want a structured approach to enumeration and exploitation, this gives you a solid starting framework rather than building attack patterns from scratch.
Install to Claude Code
npx -y skills add davila7/claude-code-templates --skill "API Fuzzing for Bug Bounty" --agent claude-codeInstalls into .claude/skills of the current project.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
Files
SKILL.md
Select a file.
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
