pentest-api-attacker

Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.

Safety Notice

This item is sourced from the public archived skills repository. Treat as untrusted until reviewed.

Pentest API Attacker

Stage

  • PTES: 5
  • MITRE: T1190

Objective

Enumerate and test API endpoints and business logic attack vectors.

Required Workflow

  1. Validate scope before any active action and reject out-of-scope targets.
  2. Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
  3. Write findings in canonical finding_schema format with reproducible PoC notes.
  4. Honor dry-run mode and require explicit --i-have-authorization for live execution.
  5. Export deterministic artifacts for downstream skill consumption.
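
Steps 1 and 4 above amount to a gate that runs before any request is sent. The following is an added example, not code from the skill's api_attacker.py: the scope keys (allowed_hosts, allowed_cidrs, excluded_hosts), the function names and the sample hosts are assumptions, since the page does not show scope_schema.json.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample scope. The key names are hypothetical; the real
# scope_schema.json layout is not shown on the page.
SAMPLE_SCOPE = {
    "allowed_hosts": ["api.example.test", "*.staging.example.test"],
    "allowed_cidrs": ["10.20.0.0/24"],
    "excluded_hosts": ["billing.staging.example.test"],
}


def _host_of(target: str) -> str:
    """Extract the lowercase host from a URL or a bare host[:port] string."""
    try:
        parts = urlsplit(target if "://" in target else "//" + target)
    except ValueError:  # malformed authority, e.g. an unbalanced IPv6 bracket
        return ""
    return (parts.hostname or "").lower().rstrip(".")


def _matches(host: str, pattern: str) -> bool:
    """Exact match, or '*.suffix' matching subdomains only (never the apex)."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern


def in_scope(target: str, scope: dict) -> bool:
    """Default-deny scope check: exclusions win over every allow rule."""
    host = _host_of(target)
    if not host or any(_matches(host, p) for p in scope.get("excluded_hosts", [])):
        return False
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # not an IP literal, so compare as a hostname
        return any(_matches(host, p) for p in scope.get("allowed_hosts", []))
    return any(ip in ipaddress.ip_network(c) for c in scope.get("allowed_cidrs", []))


def decide_mode(target: str, scope: dict, dry_run: bool, authorized: bool) -> str:
    """Return 'rejected', 'dry-run' or 'live'; live needs authorization and no dry-run."""
    if not in_scope(target, scope):
        return "rejected"
    if dry_run or not authorized:
        return "dry-run"
    return "live"
```

Parsing the host with urlsplit rather than substring matching is what keeps look-alike targets such as an allowed name used as a userinfo prefix or as a label of another domain out of scope.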

Execution

python skills/pentest-api-attacker/scripts/api_attacker.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

  • api-endpoints.json
  • api-findings.json
  • api-attack-report.json

References

  • references/tools.md
  • skills/autonomous-pentester/shared/scope_schema.json
  • skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.
