pentest-api-attacker
Pentest API Attacker
Stage
- PTES: 5
- MITRE: T1190
Objective
Enumerate and test API endpoints and business logic attack vectors.
Required Workflow
- Validate scope before any active action and reject out-of-scope targets.
- Run only authorized checks aligned to PTES, OWASP WSTG, NIST SP 800-115, and MITRE ATT&CK.
- Write findings in canonical finding_schema format with reproducible PoC notes.
- Honor dry-run mode and require explicit --i-have-authorization for live execution.
- Export deterministic artifacts for downstream skill consumption.
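The first and fourth workflow items (scope validation before any active action, and dry-run by default with live execution gated on an explicit --i-have-authorization flag) can be implemented as a small gate in front of the actual checks. The code below is an added illustration and is not the project's api_attacker.py; the scope.json layout it assumes (allowed_hosts and excluded_paths glob lists) is a constructed stand-in, since the project's scope_schema.json is not shown on this page.

```python
"""Scope and authorization gate for an API-testing skill.

Added illustrative code, not the project's api_attacker.py. The scope.json
layout (allowed_hosts / excluded_paths) is an assumption for this example;
the project's real scope_schema.json is not reproduced on the page.
"""
import argparse
import fnmatch
import json
from dataclasses import asdict, dataclass
from urllib.parse import urlparse

# Constructed sample scope document (assumed layout, not the project's schema).
SAMPLE_SCOPE = {
    "allowed_hosts": ["api.example.test", "*.staging.example.test"],
    "excluded_paths": ["/admin/*", "/internal/*"],
}


@dataclass
class ScopeDecision:
    in_scope: bool
    reason: str


def check_scope(scope: dict, target_url: str) -> ScopeDecision:
    """Return whether target_url lies inside the authorized scope.

    Host must match an allowed_hosts glob; path must not match any
    excluded_paths glob. fnmatchcase keeps matching case-sensitive on
    every platform so the decision is deterministic.
    """
    parsed = urlparse(target_url)
    host = parsed.hostname or ""
    path = parsed.path or "/"
    if not any(fnmatch.fnmatchcase(host, pat) for pat in scope.get("allowed_hosts", [])):
        return ScopeDecision(False, f"host {host!r} not in allowed_hosts")
    for pat in scope.get("excluded_paths", []):
        if fnmatch.fnmatchcase(path, pat):
            return ScopeDecision(False, f"path {path!r} matches excluded pattern {pat!r}")
    return ScopeDecision(True, "target within authorized scope")


def execution_mode(dry_run: bool, authorized: bool) -> str:
    """Map the two CLI switches to a run mode.

    --dry-run always wins; live execution additionally requires the explicit
    --i-have-authorization flag, otherwise the run is refused.
    """
    if dry_run:
        return "dry-run"
    if not authorized:
        raise PermissionError("live execution requires --i-have-authorization")
    return "live"


def plan_run(scope: dict, target_url: str, dry_run: bool, authorized: bool) -> dict:
    """Build a deterministic run plan, or raise if the run is not permitted."""
    decision = check_scope(scope, target_url)
    if not decision.in_scope:
        raise ValueError(f"rejected: {decision.reason}")
    mode = execution_mode(dry_run, authorized)
    return {"target": target_url, "mode": mode, "scope_check": asdict(decision)}


def main(argv=None):
    # Mirrors the flags named in the workflow; the rest of the real CLI is omitted.
    parser = argparse.ArgumentParser()
    parser.add_argument("--scope", required=True)
    parser.add_argument("--target", required=True)
    parser.add_argument("--dry-run", action="store_true")
    parser.add_argument("--i-have-authorization", dest="authorized", action="store_true")
    args = parser.parse_args(argv)
    with open(args.scope) as fh:
        scope = json.load(fh)
    print(json.dumps(plan_run(scope, args.target, args.dry_run, args.authorized), sort_keys=True))


if __name__ == "__main__":
    main()
```

The gate fails closed in both directions: an out-of-scope host or an excluded path raises before any check would run, and omitting --dry-run without also passing --i-have-authorization is refused rather than silently downgraded. Emitting the decision alongside the plan gives downstream consumers a deterministic record of why the run was or was not allowed.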
Execution
```bash
python skills/pentest-api-attacker/scripts/api_attacker.py --scope scope.json --target <target> --input <path> --output <path> --format json --dry-run
```
Outputs
- api-endpoints.json
- api-findings.json
- api-attack-report.json
References
- references/tools.md
- skills/autonomous-pentester/shared/scope_schema.json
- skills/autonomous-pentester/shared/finding_schema.json
Legal and Ethical Notice
```text
WARNING AUTHORIZED USE ONLY
This skill executes real security testing tools against live targets.
Use only with written authorization.
```