Vfapi
Vulnerable FastAPI in reference to Opensource Web Application Security Project (OWASP) TOP 10: 2021
Install / Use
/learn @naryal2580/VfapiREADME
Vulnerable FastAPI is a simple vulnerable FastAPI application for learning API pentesting on vulnerable API endpoints. Please refer to
/docsfor information regarding endpoints.
Current exploitation examples
$ export HOST="127.0.0.1"; export PORT=8888
NoSQLi
$ curl -s "http://$HOST:$PORT/find" -H 'Content-Type: application/json' -d '{"id":{"$in":[1,2]}}' | jq
SQLi
$ curl -s "http://$HOST:$PORT/select?username=%22%20OR%201%3D1%3B%20--%20" | jq
Thanks
Related Skills
oracle
337.3kBest practices for using the oracle CLI (prompt + file bundling, engines, sessions, and file attachment patterns).
prose
337.3kOpenProse VM skill pack. Activate on any `prose` command, .prose files, or OpenProse mentions; orchestrates multi-agent workflows.
Command Development
83.2kThis skill should be used when the user asks to "create a slash command", "add a command", "write a custom command", "define command arguments", "use command frontmatter", "organize commands", "create command with file references", "interactive command", "use AskUserQuestion in command", or needs guidance on slash command structure, YAML frontmatter fields, dynamic arguments, bash execution in commands, user interaction patterns, or command development best practices for Claude Code.
Plugin Structure
83.2kThis skill should be used when the user asks to "create a plugin", "scaffold a plugin", "understand plugin structure", "organize plugin components", "set up plugin.json", "use ${CLAUDE_PLUGIN_ROOT}", "add commands/agents/skills/hooks", "configure auto-discovery", or needs guidance on plugin directory layout, manifest configuration, component organization, file naming conventions, or Claude Code plugin architecture best practices.
