PluginBench
Skill
Review
Audit score 70

api-recon-and-docs

yaklang/hack-skills

How to install api-recon-and-docs

npx skills add https://github.com/yaklang/hack-skills --skill api-recon-and-docs
Claude Code
Cursor
Windsurf
Cline
Full instructions (SKILL.md)

Source of truth, from yaklang/hack-skills.


name: api-recon-and-docs description: >- API reconnaissance and documentation review playbook. Use when discovering endpoints, schemas, versions, OpenAPI specs, hidden docs, and surface area for API testing.

SKILL: API Recon and Docs — Endpoints, Schemas, and Version Surface

AI LOAD INSTRUCTION: Use this skill first when the target is a REST, mobile, or GraphQL API and you need to enumerate endpoints, documentation, versions, and hidden surface area before exploitation.

1. PRIMARY GOALS

  1. Discover all reachable API entrypoints.
  2. Extract schemas, optional fields, and role differences.
  3. Identify old versions, mobile paths, GraphQL endpoints, and undocumented parameters.

2. RECON CHECKLIST

JavaScript and client mining

curl https://target/app.js | grep -oE '(/api|/rest|/graphql)[^"'\'' ]+' | sort -u

Common documentation and schema paths

/swagger.json
/openapi.json
/api-docs
/docs
/.well-known/
/graphql
/gql

Version and product drift

/api/v1/
/api/v2/
/api/mobile/v1/
/legacy/

3. WHAT TO EXTRACT FROM DOCS

  • optional and undocumented fields
  • admin-only request examples
  • deprecated endpoints that may still be active
  • schema hints like additionalProperties: true
  • parameter names tied to filtering, sorting, IDs, roles, or tenancy

4. NEXT ROUTING

FindingNext Skill
object IDs everywhereapi authorization and bola
JWT, OAuth, role claimsapi auth and jwt abuse
GraphQL or hidden fieldsgraphql and hidden parameters
strong auth boundary but suspicious business flowbusiness logic vulnerabilities