P

Pentest Api Attacker

pentest-api-attacker

🌐 English

Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.

数据来源：ClawHub。在 ClawSkills 查看

1.1k下载量

1收藏数

8浏览量

安装

选择你使用的 Agent

方法一：命令行安装（推荐）

关于 Pentest Api Attacker

--- name: pentest-api-attacker description: Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks. ---

Pentest API Attacker

Stage

PTES: 5
MITRE: T1190

Objective

Enumerate and test API endpoints and business logic attack vectors.

Required Workflow

Validate scope before any active action and reject out-of-scope targets.
Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
Write findings in canonical finding_schema format with reproducible PoC notes.
Honor dry-run mode and require explicit --i-have-authorization for live execution.
Export deterministic artifacts for downstream skill consumption.

Execution

python skills/pentest-api-attacker/scripts/api_attacker.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run

Outputs

api-endpoints.json
api-findings.json
api-attack-report.json

References

references/tools.md
skills/autonomous-pentester/shared/scope_schema.json
skills/autonomous-pentester/shared/finding_schema.json

Legal and Ethical Notice

WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.

Prompt 示例

安装 Pentest Api Attacker 后，可以对 AI 说这些话来触发它

U

Help me get started with Pentest Api Attacker

A

Explains what Pentest Api Attacker does, walks through the setup, and runs a quick demo based on your current project

U

Use Pentest Api Attacker to test APIs against OWASP API Security Top 10 including discovery, au...

A

Invokes Pentest Api Attacker with the right parameters and returns the result directly in the conversation

U

What can I do with Pentest Api Attacker in my developer & devops workflow?

A

Lists the top use cases for Pentest Api Attacker, with example commands for each scenario

常见问题

如何安装 Pentest Api Attacker？▾

将技能文件夹放到 ~/.claude/skills/pentest-api-attacker/ 目录（个人级，所有项目可用），或 .claude/skills/pentest-api-attacker/（项目级）。重启 AI 客户端后，用 /pentest-api-attacker 主动调用，或让 AI 根据上下文自动发现并使用。

Pentest Api Attacker 支持哪些 AI 平台？▾

Pentest Api Attacker 支持 Claude、Cursor、OpenClaw，可与这些 AI 平台无缝集成，扩展其能力。

Pentest Api Attacker 是免费的吗？▾

Pentest Api Attacker 可免费安装使用。请查阅仓库了解许可证信息。

Pentest Api Attacker 有什么功能？▾

Test APIs against OWASP API Security Top 10 including discovery, auth abuse, and protocol-specific checks.

Pentest Api Attacker 属于哪个分类？▾

Pentest Api Attacker 属于「Developer & DevOps」分类，该分类的技能帮助 AI 智能体在此领域执行专业任务。

使用场景

Getting Started with Pentest Api Attacker→Automate Developer & DevOps Workflows with Pentest Api Attacker→Team Collaboration with Pentest Api Attacker→