api-recon-and-docs

Original：🇺🇸 English

Translated

API reconnaissance and documentation review playbook. Use when discovering endpoints, schemas, versions, OpenAPI specs, hidden docs, and surface area for API testing.

3installs

Sourceyaklang/hack-skills

Added on2026-04-09

NPX Install

npx skill4agent add yaklang/hack-skills api-recon-and-docs

SKILL.md Content

View Translation Comparison →

SKILL: API Recon and Docs — Endpoints, Schemas, and Version Surface

AI LOAD INSTRUCTION: Use this skill first when the target is a REST, mobile, or GraphQL API and you need to enumerate endpoints, documentation, versions, and hidden surface area before exploitation.

1. PRIMARY GOALS

Discover all reachable API entrypoints.
Extract schemas, optional fields, and role differences.
Identify old versions, mobile paths, GraphQL endpoints, and undocumented parameters.

2. RECON CHECKLIST

JavaScript and client mining

bash

curl https://target/app.js | grep -oE '(/api|/rest|/graphql)[^"'\'' ]+' | sort -u

Common documentation and schema paths

text

/swagger.json
/openapi.json
/api-docs
/docs
/.well-known/
/graphql
/gql

Version and product drift