This is a comprehensive offensive security skill for finding vulnerabilities in REST, SOAP, and GraphQL APIs during authorized bug bounty work. It covers the full workflow, from reconnaissance through Swagger docs and Kiterunner to exploiting IDORs, authentication bypasses, and injection flaws. The GraphQL section is especially detailed, with introspection queries, batching attacks for rate limit bypass, and schema enumeration techniques. It includes specific payloads for SQL injection in JSON, XXE attacks, and SSRF via PDF exports, plus a solid collection of 403 bypass tricks. The tables and checklists make it easy to reference during actual assessments. Only use this on systems you're explicitly authorized to test.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill api-fuzzing-bug-bounty