PowerShell Cmdlets to interact with BloodHound Data via Neo4j HTTP API.
An intentionally vulnerable web API game for learning and training purposes.
Bash script which checks and validates for leaked credentials.
The most comprehensive Postman recon / OSINT client and framework.
Collect HTTP or webhook requests and inspect them in a human-friendly way.
Designed to assist with auditing of exposed Swagger/OpenAPI) definition files.
Automated Security Testing For REST API's.
Represent any GraphQL API as an interactive graph.
Passive open source intelligence automated reconnaissance.
Small tool to grab subdomains using Shodan API.
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities.
Fuzz request attributes using common pentesting techniques and lists vulnerabilities.
Contextual content discovery tool.
A stateful fuzzing tool for automatically testing cloud services through their REST APIs.
Golang client for querying SecurityTrails API data.
Extract and list API routes from Swagger files in YAML/JSON format.
Create a Nmap API that can do scans with a good speed online and is easy to deploy.
Automation of tokens/api keys testing.
Payload creation framework designed around EDR bypass.
LSASS memory dumper using direct system calls and API unhooking.
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing.
Enumerate and extract GraphQL APIs.
Gives root access on remote docker containers that expose their APIs.
Collaborative C2 framework for red teamers.
Parse OpenAPI specifications into the BurpSuite for automating RESTful API testing.
Burp Extender API.
Simple HTTP(S) proxy server and a SQLMAP API wrapper that makes digging SQLi easy.
Tests for race conditions in web applications.
Used for REST API pentesting and provide UI solution for gem.