
pentest-api-attacker

Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.

3,556 stars

Installation

Claude Code / Cursor / Codex

$ curl -o ~/.claude/skills/pentest-api-attacker/SKILL.md --create-dirs "https://raw.githubusercontent.com/openclaw/skills/main/skills/0x-professor/pentest-api-attacker/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it at .claude/skills/pentest-api-attacker/SKILL.md inside your project (or under ~/.claude/skills/ for a user-wide install, as the curl command above does)
  3. Restart your AI agent; it auto-discovers skills in that directory

SKILL.md Source

# Pentest API Attacker

## Stage

- PTES: 5 (Exploitation)
- MITRE ATT&CK: T1190 (Exploit Public-Facing Application)

## Objective

Enumerate API endpoints and test them for OWASP API Security Top 10 weaknesses and business-logic attack vectors.

## Required Workflow

1. Validate the target against the scope document before any active action; reject out-of-scope targets.
2. Run only authorized checks, aligned to PTES, OWASP WSTG, NIST SP 800-115 and MITRE ATT&CK.
3. Write findings in the canonical finding_schema format with reproducible PoC notes.
4. Honor dry-run mode; live execution requires the explicit `--i-have-authorization` flag.
5. Export deterministic artifacts (stable ordering, no run-specific noise) for downstream skill consumption.

## Execution

```bash
python skills/pentest-api-attacker/scripts/api_attacker.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
```
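The command above plans a run without touching the target; for a live run, `--dry-run` is dropped and `--i-have-authorization` added, per the workflow. As an added illustration (example code, not the project's `api_attacker.py`), the following shows how the three gating rules from the workflow can be implemented in order: the scope check runs first and fails closed, dry-run short-circuits before the authorization flag is consulted, and the artifact is rendered deterministically so two runs over the same findings produce byte-identical output. The `scope.json` layout (`allowed_hosts`, `allowed_cidrs`, `excluded_hosts`), the check names and the finding fields are assumptions for this example; the skill's real `scope_schema.json` and `finding_schema.json` are not reproduced on this page. Nothing here sends network traffic.

```python
# Added illustration, not the project's api_attacker.py. The scope.json layout,
# the check names and the finding fields are ASSUMED for this example; the
# skill's real scope_schema.json / finding_schema.json are not on this page.
# Nothing here sends network traffic.
import argparse
import hashlib
import ipaddress
import json
from urllib.parse import urlparse

# Constructed sample scope document (assumed layout).
SAMPLE_SCOPE = {
    "allowed_hosts": ["api.example.test"],
    "allowed_cidrs": ["10.10.0.0/16"],
    "excluded_hosts": ["admin.api.example.test"],
}

# Illustrative check names only; the real skill's check list is not on this page.
CHECKS = ["discover-endpoints", "bola-object-access", "auth-bypass"]


def host_in_scope(target_url, scope):
    """True only when the target host is explicitly allowed and not excluded.

    Hostnames must be allow-listed by name; bare IP addresses may also match
    allowed_cidrs. Exclusions win over allows. Anything unparseable is out of
    scope (fail closed)."""
    host = urlparse(target_url).hostname
    if not host:
        return False
    if host in scope.get("excluded_hosts", []):
        return False
    if host in scope.get("allowed_hosts", []):
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname that is not allow-listed by name
    return any(ip in ipaddress.ip_network(c) for c in scope.get("allowed_cidrs", []))


def gate(target_url, scope, dry_run, authorized):
    """Scope is decided before the authorization flag is even looked at."""
    if not host_in_scope(target_url, scope):
        return {"status": "rejected", "reason": "target out of scope", "target": target_url}
    if dry_run:
        return {"status": "planned", "target": target_url, "checks": CHECKS}
    if not authorized:
        return {"status": "refused", "target": target_url,
                "reason": "live run requires --i-have-authorization"}
    return {"status": "executed", "target": target_url, "checks": CHECKS}


def make_finding(endpoint, category, severity, poc):
    """Assumed finding layout: fixed keys, no timestamps or random IDs, so
    re-runs over the same evidence compare equal."""
    return {"endpoint": endpoint, "category": category, "severity": severity, "poc": poc}


def render_artifact(findings):
    """Deterministic JSON body plus its SHA-256, independent of insertion order."""
    ordered = sorted(findings, key=lambda f: (f["endpoint"], f["category"]))
    body = json.dumps({"findings": ordered}, sort_keys=True, indent=2) + "\n"
    return body, hashlib.sha256(body.encode()).hexdigest()


def main(argv=None):
    p = argparse.ArgumentParser()
    p.add_argument("--scope", required=True)
    p.add_argument("--target", required=True)
    p.add_argument("--output", required=True)
    p.add_argument("--dry-run", action="store_true")
    p.add_argument("--i-have-authorization", dest="authorized", action="store_true")
    args = p.parse_args(argv)
    with open(args.scope) as fh:
        scope = json.load(fh)
    result = gate(args.target, scope, args.dry_run, args.authorized)
    findings = []  # a real executed run would append make_finding(...) per confirmed check
    body, digest = render_artifact(findings)
    with open(args.output, "w") as fh:
        fh.write(body)
    print(json.dumps(result), digest)
    return 0 if result["status"] in ("planned", "executed") else 2


if __name__ == "__main__":
    raise SystemExit(main())
```

The order of the checks in `gate` is the security-relevant part: an out-of-scope target is rejected even when `--i-have-authorization` is set, and the authorization flag only ever widens a run from planned to executed, never the scope. Sorting findings and dumping with `sort_keys=True` is what makes `api-findings.json` comparable across runs by hash.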

## Outputs

- `api-endpoints.json`
- `api-findings.json`
- `api-attack-report.json`

## References

- `references/tools.md`
- `skills/autonomous-pentester/shared/scope_schema.json`
- `skills/autonomous-pentester/shared/finding_schema.json`

## Legal and Ethical Notice

```text
WARNING: AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
```