api-noauth-hunt
CommunityExploit unauthenticated APIs for data access and CRUD.
Software Engineering#vulnerability assessment#penetration testing#data breach#api security#api reconnaissance#unauthenticated api#crud testing
Authoruphiago
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill addresses the high-risk vulnerability of APIs with no authentication, which leads to unauthorized data theft, full CRUD operation access, and complete system compromise, a flaw confirmed across hundreds of real-world targets including enterprise tax portals, healthcare systems, and fintech platforms.
Core Features & Use Cases
- Unauthenticated API Discovery: Fuzzes common API paths and identifies exposed endpoints, OpenAPI/Swagger schemas, and GraphQL interfaces on non-standard ports and API subdomains.
- Full CRUD Validation: Tests read, create, update, and delete functionality on exposed endpoints to confirm exploitability, including login bypass tests for endpoints that accept empty or invalid credentials.
- Real-World Validated Use Cases: Has been used to extract PII from 1,082 client records on an enterprise tax portal (CVSS 10.0), access 34 hospital user accounts with plaintext passwords, and retrieve 59 energy contract records with AWS cost data.
Quick Start
Use the api-noauth-hunt skill to scan the target URL https://api.target.com for unauthenticated API endpoints and test for full CRUD access.
Dependency Matrix
Required Modules
None requiredComponents
Standard package💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: api-noauth-hunt Download link: https://github.com/uphiago/recon-skills/archive/main.zip#api-noauth-hunt Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.