This is a comprehensive reference for offensive API testing during bug bounties and pentests. It covers REST, SOAP, and GraphQL with concrete techniques for finding IDORs, authentication bypasses, injection points, and rate-limit issues. The GraphQL section is especially dense, with introspection queries, batching attacks, and schema enumeration tricks. It includes actual payloads you can adapt, such as IDOR bypass techniques using array wrapping and parameter pollution, plus endpoint bypass strings for 403 responses. The checklist format makes it easy to work methodically through common API vulnerabilities. If you're hunting bugs or doing authorized security assessments, this gives you a structured workflow with ready-to-use examples rather than theoretical descriptions.
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill api-fuzzing-for-bug-bounty