api-recon-and-docs


SKILL: API Recon and Docs — Endpoints, Schemas, and Version Surface


AI LOAD INSTRUCTION: Use this skill first when the target is a REST, mobile, or GraphQL API and you need to enumerate endpoints, documentation, versions, and hidden surface area before exploitation.

1. PRIMARY GOALS


  1. Discover all reachable API entrypoints.
  2. Extract schemas, optional fields, and role differences.
  3. Identify old versions, mobile paths, GraphQL endpoints, and undocumented parameters.

2. RECON CHECKLIST


JavaScript and client mining


```bash
# Pull API-looking paths out of the client bundle; -s suppresses the progress meter
curl -s https://target/app.js | grep -oE '(/api|/rest|/graphql)[^"'\'' ]+' | sort -u
```

Common documentation and schema paths


```text
/swagger.json
/openapi.json
/api-docs
/docs
/.well-known/
/graphql
/gql
```

Version and product drift


```text
/api/v1/
/api/v2/
/api/mobile/v1/
/legacy/
```

3. WHAT TO EXTRACT FROM DOCS


  • optional and undocumented fields
  • admin-only request examples
  • deprecated endpoints that may still be active
  • schema hints such as `additionalProperties: true`
  • parameter names tied to filtering, sorting, IDs, roles, or tenancy
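A defender-side check for the hints listed above, as an added example that is not part of the original skill: it parses a constructed OpenAPI 3 document and reports deprecated-but-published operations, request schemas with `additionalProperties: true`, and parameters or body fields whose names suggest IDs, roles, tenancy, filtering or sorting. The sample spec, the `audit_openapi` function and the `SENSITIVE_PARAM` pattern are assumptions for illustration, not part of any real product.

```python
import json
import re

# Constructed sample OpenAPI 3 document (not from any real target) carrying
# the three kinds of hint the checklist says to look for.
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.0",
    "paths": {
        "/api/v1/users/{userId}": {
            "get": {"parameters": [{"name": "userId", "in": "path"}],
                    "deprecated": True},
        },
        "/api/v2/users": {
            "get": {"parameters": [{"name": "sort", "in": "query"},
                                   {"name": "tenantId", "in": "query"}]},
            "post": {"requestBody": {"content": {"application/json": {
                "schema": {"type": "object",
                           "properties": {"email": {"type": "string"},
                                          "role": {"type": "string"}},
                           "additionalProperties": True}}}}},
        },
    },
})

# Names that usually steer lookup, filtering, authorization or tenancy (assumed list).
SENSITIVE_PARAM = re.compile(r"(id|role|tenant|org|filter|sort|order)", re.I)

def audit_openapi(spec_text: str) -> list[str]:
    """Return one finding string per review-worthy item in an OpenAPI JSON document."""
    spec = json.loads(spec_text)
    findings = []
    for path, ops in spec.get("paths", {}).items():
        for method, op in ops.items():
            if not isinstance(op, dict):  # skip path-level "parameters" lists etc.
                continue
            where = f"{method.upper()} {path}"
            if op.get("deprecated"):
                findings.append(f"{where}: deprecated but still published")
            for p in op.get("parameters", []):
                if SENSITIVE_PARAM.search(p.get("name", "")):
                    findings.append(f"{where}: sensitive parameter '{p['name']}' ({p.get('in')})")
            for media in op.get("requestBody", {}).get("content", {}).values():
                schema = media.get("schema", {})
                if schema.get("additionalProperties") is True:
                    findings.append(f"{where}: request schema allows additionalProperties")
                for prop in schema.get("properties", {}):
                    if SENSITIVE_PARAM.search(prop):
                        findings.append(f"{where}: body field '{prop}' is client-settable")
    return findings
```

Run `audit_openapi(SAMPLE_SPEC)` against the embedded spec to see six findings; feed it your own exported spec to review what a published schema reveals before an outsider does.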

4. NEXT ROUTING


| Finding | Next Skill |
| --- | --- |
| object IDs everywhere | api authorization and bola |
| JWT, OAuth, role claims | api auth and jwt abuse |
| GraphQL or hidden fields | graphql and hidden parameters |
| strong auth boundary but suspicious business flow | business logic vulnerabilities |