maxtac-web-api-fuzzing

Community

Stateful web API fuzzing, enhance your security testing.

Authorphilo-groves
Version1.0.0
Installs0

System Documentation

What problem does it solve?

This Skill solves the problem of inadequate web API security testing by providing stateful fuzzing, which is essential for identifying vulnerabilities in APIs that rely on the sequence of requests and responses.

Core Features & Use Cases

  • Stateful Request Fuzzing: Supports stateful request fuzzing, schema-backed fuzzing, parameter fuzzing, and captured HTTP replay.
  • Logic-Oracle Evidence: Generates evidence that includes API spec, GraphQL schema, HAR/curl replay, auth context, and relevant logs for in-depth analysis.
  • Use Case: Consider an e-commerce application. Use this Skill to fuzz the payment API, ensuring that it handles various sequences of payment requests without introducing vulnerabilities like timing attacks or sensitive data leaks.

Quick Start

Execute the fuzz-campaign script with the target API endpoint and relevant parameters:

python3 <skill-dir>/scripts/fuzz-campaign.py init \
  --target "payment API endpoint" \
  --target-version "v1.2.3" \
  --tool Schemathesis \
  --scope "authorized staging tenant"

Dependency Matrix

Required Modules

None required

Components

scriptsreferences

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: maxtac-web-api-fuzzing
Download link: https://github.com/philo-groves/MaxTAC/archive/main.zip#maxtac-web-api-fuzzing

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.