api-hacking

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

GraphQL automated security testing toolkit

API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).

Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.

API Penetration Testing Notes

A Productivity-Boosting Burp Suite extension written in Kotlin that enables persistent sticky session handling in web application testing. Built with the Montoya API and modern Kotlin tooling.

A Swiss knife for API security testing including a docker image, some labs and resources.

A Caido extension written in Typescript that makes an OPTIONS request and determines if other HTTP methods than the original request are available. If there are other methods available, findings are created on the fly which will be enhanced based on pending further capabilities from the Caido SDK.

컴퓨터공학과 해킹과 대응기술 정리입니다.

a api fuzz tool

Caido plugin to cap and split workspace files by size — ideal for proxy files/log uploads with file size limits.

Feature request system.

BOLA_Excessive_Data_Exposure_API_Pentest (Based on crAPI, my learning)