api-overview
Modern API category — gRPC, SOAP/WSDL, WebSocket, Server-Sent Events. Routing skill: identify the API protocol from the response Content-Type or wire format, then load the matching sub-skill.
| name | api-overview |
| description | Modern API category — gRPC, SOAP/WSDL, WebSocket, Server-Sent Events. Routing skill: identify the API protocol from the response Content-Type or wire format, then load the matching sub-skill. |
| allowed-tools | Bash Read Write |
| metadata | {"when_to_use":"api protocol modern grpc soap wsdl websocket ws sse server-sent-events http2 streaming","subdomain":"api","tags":"api, modern-protocols","mitre_attack":"T1190"} |
This is a routing skill. Identify the API protocol then load the matching sub-skill.
| Protocol | Sub-skill | Wire signature |
|---|---|---|
| gRPC | grpc | HTTP/2 + `application/grpc[+proto |
| SOAP/WSDL | soap-wsdl | XML body in text/xml/application/soap+xml, ?wsdl discovery |
| WebSocket | websocket | HTTP Upgrade: websocket handshake, then framed binary/text |
| Server-Sent Events | server-sent-events | Content-Type: text/event-stream, one-way streaming |
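```bash
# gRPC?
curl -sk -I --http2 https://target/svc | grep -i 'application/grpc'

# SOAP?
curl -sk "https://target/endpoint?wsdl" | head -1   # XML WSDL doc
curl -sk -X POST -H 'Content-Type: text/xml' https://target/endpoint   # 500 with SOAP fault

# WebSocket? The handshake must be an HTTP/1.1 GET carrying the Sec-WebSocket-* headers
# (the key is any base64-encoded 16-byte value; this one is the RFC 6455 sample nonce).
curl -sk -i --http1.1 --max-time 5 \
  -H "Connection: Upgrade" -H "Upgrade: websocket" \
  -H "Sec-WebSocket-Version: 13" -H "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==" \
  https://target/ws | head -1
# 101 = WS upgrade

# SSE? (--max-time ends the request; an event stream never closes on its own)
curl -sk -i --max-time 5 https://target/stream -H "Accept: text/event-stream" | grep -i 'text/event-stream'
```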
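The routing table applied to a saved `curl -i` response, useful when inventorying which API protocols your own endpoints expose. This is an added example, not code from the skill itself: the `route_api` and `sample_*` names are hypothetical, the sample responses are constructed, and the body check for plain `text/xml` is an assumption added because feeds and sitemaps share that Content-Type with SOAP.

```shell
# route_api: read one raw HTTP response (status line, headers, blank line, body)
# on stdin and print the matching sub-skill name, or "unknown".
route_api() {
  tr -d '\r' | awk '
    NR == 1 { status = $2; next }                 # "HTTP/2 200" or "HTTP/1.1 101 ..."
    !in_body && $0 == "" { in_body = 1; next }    # blank line ends the header block
    !in_body {
      sep = index($0, ":")
      if (sep == 0) next
      name  = tolower(substr($0, 1, sep - 1))
      value = tolower(substr($0, sep + 1))
      sub(/;.*/, "", value)                       # drop parameters such as charset
      gsub(/^[ \t]+|[ \t]+$/, "", value)
      hdr[name] = value
      next
    }
    { body = body $0 "\n" }
    END {
      ct = hdr["content-type"]
      if (status == "101" && hdr["upgrade"] == "websocket")
        print "websocket"
      else if (ct == "application/grpc" || ct ~ /^application\/grpc\+/)
        print "grpc"
      else if (ct == "text/event-stream")
        print "server-sent-events"
      else if (ct == "application/soap+xml")
        print "soap-wsdl"
      # Assumption: plain XML counts as SOAP/WSDL only if the root looks like it.
      else if ((ct == "text/xml" || ct == "application/xml") &&
               body ~ /<([A-Za-z0-9_-]+:)?(Envelope|definitions)[ \t\n>]/)
        print "soap-wsdl"
      else
        print "unknown"
    }'
}

# Constructed sample responses (not captured from a real host).
sample_grpc() { printf 'HTTP/2 200\r\ncontent-type: application/grpc+proto\r\n\r\n'; }
sample_ws()   { printf 'HTTP/1.1 101 Switching Protocols\r\nUpgrade: WebSocket\r\nConnection: Upgrade\r\n\r\n'; }
sample_sse()  { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/event-stream;charset=UTF-8\r\n\r\ndata: hi\n\n'; }
sample_soap() { printf 'HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/xml\r\n\r\n<soap:Envelope xmlns:soap="x"><soap:Body><soap:Fault/></soap:Body></soap:Envelope>\n'; }
sample_rss()  { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/xml; charset=utf-8\r\n\r\n<rss version="2.0"></rss>\n'; }
```

The function expects a single response block, so save one request per file rather than a redirect chain.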
For REST + GraphQL go to:
load_skill("/skills/standard/exploit/web/SKILL.md") — sub-skills graphql, idor, mass-assignment, etc.