api-security-testing

Check your WAF before an attacker does

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).

API Security Vulnerability Scanner designed to help you secure your APIs.

Automated API security testing

Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities

GitHub action to run Traceable Active Security Testing in GitHub workflows

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

ScriptOcalypse 🏴‍☠️- Nothing here… just a lot of weird ideas with a chaotic mix of lemonade, boredom, and automation that somehow work.

A community-driven list of custom Escape rules. Test your API security with rules that automatically adapt for you.

Lightweight CLI tool for scanning REST APIs for CORS issues, methods, and info leaks.

OWASP-Top-10-Security-Vulnerabilities-With-Node.js

An intelligent web-proxy that monitors API requests of a web application and detects API security vulnerabilities automatically.

A RESTful API brute-forcing tool in Go for ethical hacking practice. **Gobrute** is built for testing login passwords with multithreading, progress tracking, and customizable payloads, ideal for controlled environments like OWASP Juice Shop.

Replace, load and replay Postman collections to Burp, Zap, etc.