Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

aeondave/restler

Name: restler
Author: aeondave

offensive-tools/fuzzing/restler/SKILL.md

npx skillsauth add aeondave/malskill restler

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

restler

RESTler explores deeper API states by inferring request dependencies from OpenAPI definitions.

Workflow (Recommended Order)

Compile: OpenAPI -> RESTler grammar.
Test (smoke): verify setup and required dictionary values.
Fuzz-lean: quick bug hunting baseline.
Fuzz: deep BFS-style state exploration.

Quick Start

# Build (local)
python build-restler.py --dest_dir <restler_bin>

# Typical campaign starts with compile + test before fuzz modes
restler.exe fuzz-lean --grammar_file <grammar.py> --dictionary_file <dict.json>
restler.exe fuzz --grammar_file <grammar.py> --dictionary_file <dict.json> --time_budget 1

Operator Flow

Validate schema quality and authentication path first.
Run test/smoke style workflow to confirm dependencies and dictionary values.
Run fuzz-lean for quick risk discovery.
Run fuzz for deeper sequence exploration with settings file tuning.
Reproduce via replay logs and bug buckets before assigning fixes.

Practical Notes

Always fix setup gaps discovered in test mode before deep fuzzing.
Deep fuzzing can cause service instability/outages on weak implementations.
Use replay logs and bug buckets for deterministic re-validation.

High-Value Settings

fuzzing_mode (bfs, bfs-cheap, random-walk, directed-smoke-test)
max_sequence_length, max_combinations
include/exclude endpoint filters (include_requests, exclude_requests, path_regex)
retry & timing controls (custom_retry_settings, producer_timing_delay)
trace database (use_trace_database) for structured replay workflows

Replay & Triage Pattern

Start from bug_buckets.txt summary.
Open specific bucket replay log and verify request sequence.
Replay with same auth/host settings.
Confirm reproducibility and collect minimal sequence evidence.
Patch server + rerun replay to verify closure.

Common Pitfalls

Skipping auth refresh handling leads to noisy false negatives.
Fuzzing full API surface without scope controls can burn time-budget quickly.
Forgetting manual cleanup after replay-created resources.

Resources

https://github.com/microsoft/restler-fuzzer
https://github.com/microsoft/rest-api-fuzz-testing
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/Fuzzing.md
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/SettingsFile.md
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/BugBuckets.md
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/Replay.md

aeondave/restler

offensive-tools/fuzzing/restler/SKILL.md

Auth/lab ref: Stateful REST API fuzzer from OpenAPI specs. For testing complex API dependency chains, producer-consumer request sequencing, and replayable bug-bucket workflows for API reliability/security testing.

4 stars

development

Updated Jun 8, 2026

$ install --global

skillsauth

npx skillsauth add aeondave/malskill restler

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: Jun 8, 2026, 3:54 AM318.0s1 file scanned

SKILL.md

name:: restler
description:: Auth/lab ref: Stateful REST API fuzzer from OpenAPI specs. For testing complex API dependency chains, producer-consumer request sequencing, and replayable bug-bucket workflows for API reliability/security testing.
license:: MIT
compatibility:: Windows/Linux (64-bit primary), Python +.NET build/runtime.
author:: GitHub Copilot
version:: 1.1

restler

RESTler explores deeper API states by inferring request dependencies from OpenAPI definitions.

Workflow (Recommended Order)

Compile: OpenAPI -> RESTler grammar.
Test (smoke): verify setup and required dictionary values.
Fuzz-lean: quick bug hunting baseline.
Fuzz: deep BFS-style state exploration.

Quick Start

# Build (local)
python build-restler.py --dest_dir <restler_bin>

# Typical campaign starts with compile + test before fuzz modes
restler.exe fuzz-lean --grammar_file <grammar.py> --dictionary_file <dict.json>
restler.exe fuzz --grammar_file <grammar.py> --dictionary_file <dict.json> --time_budget 1

Operator Flow

Validate schema quality and authentication path first.
Run test/smoke style workflow to confirm dependencies and dictionary values.
Run fuzz-lean for quick risk discovery.
Run fuzz for deeper sequence exploration with settings file tuning.
Reproduce via replay logs and bug buckets before assigning fixes.

Practical Notes

Always fix setup gaps discovered in test mode before deep fuzzing.
Deep fuzzing can cause service instability/outages on weak implementations.
Use replay logs and bug buckets for deterministic re-validation.

High-Value Settings

fuzzing_mode (bfs, bfs-cheap, random-walk, directed-smoke-test)
max_sequence_length, max_combinations
include/exclude endpoint filters (include_requests, exclude_requests, path_regex)
retry & timing controls (custom_retry_settings, producer_timing_delay)
trace database (use_trace_database) for structured replay workflows

Replay & Triage Pattern

Start from bug_buckets.txt summary.
Open specific bucket replay log and verify request sequence.
Replay with same auth/host settings.
Confirm reproducibility and collect minimal sequence evidence.
Patch server + rerun replay to verify closure.

Common Pitfalls

Skipping auth refresh handling leads to noisy false negatives.
Fuzzing full API surface without scope controls can burn time-budget quickly.
Forgetting manual cleanup after replay-created resources.

Resources

https://github.com/microsoft/restler-fuzzer
https://github.com/microsoft/rest-api-fuzz-testing
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/Fuzzing.md
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/SettingsFile.md
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/BugBuckets.md
https://raw.githubusercontent.com/microsoft/restler-fuzzer/main/docs/user-guide/Replay.md

Related Skills

aeondave/vibe-audit-technique

development

VerifiedTrustedCommunity

White-box auditing methodology for AI-generated ('vibe-coded') applications. Focuses on modern stack misconfigurations (Supabase, Next.js, Vercel).

4SKILL.mdUpdated Jun 12, 2026

aeondave/vibe-audit-technique

aeondave/source-review-technique

development

VerifiedTrustedCommunity

Hybrid AI/Deterministic SAST methodology for discovering zero-day vulnerabilities in source code. Orchestrates structural search with AI-driven data flow and sink validation.

4SKILL.mdUpdated Jun 12, 2026

aeondave/source-review-technique

aeondave/hardware-technique

development

VerifiedTrustedCommunity

Auth assessment: hardware/embedded methodology; UART/JTAG/SWD/SPI/I2C, firmware extraction, boot/debug paths, embedded OS evidence.

4SKILL.mdUpdated Jun 12, 2026

aeondave/hardware-technique

aeondave/container-technique

devops

VerifiedTrustedCommunity

Container methodology: Identifying containerization limits, Docker/K8s misconfigurations, and executing escapes to the host node.

4SKILL.mdUpdated Jun 12, 2026

aeondave/container-technique

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/aeondave/malskill.git

# Copy into Claude Code skills folder (global)
cp -r malskill/offensive-tools/fuzzing/restler ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

aeondave/malskill

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT