hunt-api-misconfig
Community
Expose API misconfigs and JWT flaws fast
System Documentation
What problem does it solve?
It helps security hunters quickly identify and validate high-impact API security misconfigurations that enable privilege escalation, account takeover, cross-origin data exposure, and other systemic auth/data-leak failures.
Core Features & Use Cases
- Mass assignment & privilege escalation: Detects endpoints that blindly apply user-controlled fields (for example, turning a normal user into admin by submitting role or verification flags).
- JWT weaknesses & token manipulation: Finds and tests common JWT flaws such as alg=none acceptance, algorithm confusion (e.g., RS256 vs HS256), and token/header manipulation vectors.
- Prototype pollution, CORS, and HTTP verb attacks: Identifies JSON/object merge pollution paths, CORS credentialed misconfigurations, and HTTP method tampering that can bypass intended protections.
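As an added illustration of the JWT weakness named above (not code from the hunt-api-misconfig skill or its repository), the block below places the vulnerable verification pattern, which trusts the alg value in the client-supplied header and so accepts alg=none tokens, beside a hardened verifier that pins the algorithm server-side and treats anything else as invalid. The secret key, claims and helper token builder are constructed for the demonstration; the hardened verifier only implements HS256, and the same pinning rule is what prevents RS256/HS256 confusion when an RSA-signed scheme is expected.

```python
import base64
import hashlib
import hmac
import json


def b64url_encode(raw: bytes) -> str:
    """Base64url without padding, as JWT requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Restore padding so arbitrary-length JWT segments decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Constructed helper that builds a JWT; 'alg' is written into the header verbatim
    so the demonstration can produce both signed and unsigned (alg=none) tokens."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    if alg == "none":
        return signing_input + "."  # unsigned token: empty signature segment
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def naive_verify(token: str, key: bytes):
    """Vulnerable pattern: the algorithm is taken from the attacker-controlled header,
    so an unsigned token with alg=none is accepted as authentic."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(payload_b64))
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if hmac.compare_digest(expected, b64url_decode(sig_b64)):
        return json.loads(b64url_decode(payload_b64))
    return None


def strict_verify(token: str, key: bytes, expected_alg: str = "HS256"):
    """Hardened verifier: the accepted algorithm is fixed by the server, never read
    from the token. Any mismatch (none, None, RS256, ...) is rejected before any
    signature work, and the signature is compared in constant time."""
    if expected_alg != "HS256":
        raise ValueError("this example only implements HS256 verification")
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        payload = json.loads(b64url_decode(payload_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, json.JSONDecodeError):
        return None
    if not isinstance(header, dict) or header.get("alg") != expected_alg:
        return None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None
    return payload


# Constructed demonstration values (not real credentials).
DEMO_KEY = b"constructed-demo-secret"
USER_CLAIMS = {"sub": "alice", "role": "user"}
ESCALATED_CLAIMS = {"sub": "alice", "role": "admin"}


def demo() -> dict:
    """Returns how each verifier treats a legitimate token and an unsigned alg=none token."""
    legit = make_token(USER_CLAIMS, DEMO_KEY)
    unsigned = make_token(ESCALATED_CLAIMS, b"", alg="none")
    return {
        "naive_legit": naive_verify(legit, DEMO_KEY),
        "naive_unsigned": naive_verify(unsigned, DEMO_KEY),
        "strict_legit": strict_verify(legit, DEMO_KEY),
        "strict_unsigned": strict_verify(unsigned, DEMO_KEY),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

When reviewing a real service, the check to make is that the verification library is called with an explicit allow-list of algorithms and a key of the matching type; a verifier that chooses its algorithm from the token header is the condition the skill's alg=none and algorithm-confusion tests are looking for.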
Use case example: A target application’s API returns “extra” fields in responses and accepts attacker-injected JWT claims; use this Skill to validate misconfiguration impact and produce a structured vulnerability path with evidence.
Quick Start
Use the hunt-api-misconfig skill against the target API by requesting a focused misconfiguration report with mass-assignment tests, JWT validation checks, and CORS/verb-tampering evidence.
Dependency Matrix
Required Modules
None required
Components
Standard package
Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: hunt-api-misconfig Download link: https://github.com/AKasem1/claude-bug-bounty/archive/main.zip#hunt-api-misconfig Please download this .zip file, extract it, and install it in the .claude/skills/ directory.