maxtac-web-api-fuzzing
CommunityStateful web API fuzzing, enhance your security testing.
Authorphilo-groves
Version1.0.0
Installs0
System Documentation
What problem does it solve?
This Skill solves the problem of inadequate web API security testing by providing stateful fuzzing, which is essential for identifying vulnerabilities in APIs that rely on the sequence of requests and responses.
Core Features & Use Cases
- Stateful Request Fuzzing: Supports stateful request fuzzing, schema-backed fuzzing, parameter fuzzing, and captured HTTP replay.
- Logic-Oracle Evidence: Generates evidence that includes API spec, GraphQL schema, HAR/curl replay, auth context, and relevant logs for in-depth analysis.
- Use Case: Consider an e-commerce application. Use this Skill to fuzz the payment API, ensuring that it handles various sequences of payment requests without introducing vulnerabilities like timing attacks or sensitive data leaks.
Quick Start
Execute the fuzz-campaign script with the target API endpoint and relevant parameters:
python3 <skill-dir>/scripts/fuzz-campaign.py init \
--target "payment API endpoint" \
--target-version "v1.2.3" \
--tool Schemathesis \
--scope "authorized staging tenant"
Dependency Matrix
Required Modules
None requiredComponents
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: maxtac-web-api-fuzzing Download link: https://github.com/philo-groves/MaxTAC/archive/main.zip#maxtac-web-api-fuzzing Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 620,000+ vetted skills library on demand.