#api

Damn Vulnerable RESTaurant

An intentionally vulnerable web API game for learning and training purposes.

LEAKEY

Bash script that checks for and validates leaked credentials.

Porch-Pirate

The most comprehensive Postman recon / OSINT client and framework.

pipedream

Collect HTTP or webhook requests and inspect them in a human-friendly way.

Swagger Jacker

Designed to assist with auditing of exposed Swagger/OpenAPI definition files.

Astra

Automated security testing for REST APIs.

graphql-voyager

Represent any GraphQL API as an interactive graph.

karma v2

Passive open source intelligence automated reconnaissance.

shosubgo

Small tool to grab subdomains using Shodan API.

CypherDog

PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.

c{api}tal

A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.

API fuzzer

Fuzzes request attributes using common pentesting techniques and lists vulnerabilities.

kiterunner

Contextual content discovery tool.

RESTler

A stateful fuzzing tool for automatically testing cloud services through their REST APIs.

haktrails

Golang client for querying SecurityTrails API data.

swagroutes

Extract and list API routes from Swagger files in YAML/JSON format.

Nmap-API

Create an Nmap API that can run scans online at a good speed and is easy to deploy.

keyhacks.sh

Automation of token/API key testing.

ScareCrow

Payload creation framework designed around EDR bypass.

Dumpert

LSASS memory dumper using direct system calls and API unhooking.

Vampi

Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.

Graphicator

Enumerate and extract GraphQL APIs.

Gorsair

Gives root access on remote Docker containers that expose their APIs.

Covenant

Collaborative C2 framework for red teamers.

OpenAPI

Parse OpenAPI specifications into Burp Suite for automating RESTful API testing.

Burp Extender API

Burp Extender API.

SQLi-Hunter

Simple HTTP(S) proxy server and SQLMAP API wrapper that makes digging for SQLi easy.

Race The Web

Tests for race conditions in web applications.

Fuzzapi

Used for REST API pentesting and provides a UI solution for the gem.