sensitive_files
Sensitive system file access
Line 141
Snippets
<!DOCTYPE test [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<iframe src="file:///etc/passwd" height=1000 width=800>
hardcoded_secret
Potentially hardcoded secret
Line 212
Snippets
password: "password"
mutation {login(input:{email:"a@example.com" password:"password"}){success jwt}}
mutation {login(input:{email:"b@example.com" password:"password"}){success jwt}}
mutation {login(input:{email:"c@example.com" password:"password"}){success jwt}}
network_call
Outbound network call
Line 395
Snippets
- Add `X-Requested-With: XMLHttpRequest` header to simulate frontend
curl -X POST https://target.com/graphql \
| API returns nothing | Add `X-Requested-With: XMLHttpRequest` header |
curl -X POST https://target.com/graphql \
Trust Score
Updated 6 days ago
Analyzed
Mar 31, 2026, 15:56
+ 2 previous scans
Compatible with
Skill details
Updated 6 days ago
Analyzed Mar 31, 2026, 15:56
Description
"Provide comprehensive techniques for testing REST, SOAP, and GraphQL APIs during bug bounty hunting and penetration testing engagements. Covers vulnerability discovery, authentication bypass, IDOR exploitation, and API-specific attack vectors."
Recent scans
Mar 31, 2026, 15:56
Latest analysis
Mar 31, 2026, 15:11
Run 2
Mar 27, 2026, 15:45
Run 1