#Api-security
Showing 37 of 37 repositories tagged #api-security, ranked by stars
Automatic SQL injection and database takeover tool
Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...
A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.
This challenge is Inon Shkedy's 31 days API Security Tips.
A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.
An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses
Metlo is an open-source API security platform.
Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.
open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.
Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure
Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
A Huge Learning Resources with Labs For Offensive Security Players
Organize your API security assessment by using MindAPI. It's free and open for community collaboration.
Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.
🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)
Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.
Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.
An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks.
A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.
digiRunner: Your API Gateway for Microservices
API Security Vulnerability Scanner designed to help you secure your APIs.
API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).
AI API 中转站检测工具:Claude 中转站检测、OpenAI 中转站检测、Gemini 中转站检测,中转站真伪检测、长上下文验证、思维签名验证、中转站红黑榜,自托管开源。
API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs
Open-source security suite for OSINT, web scanning, API testing, SIEM integration, and AI-powered analysis
Automated API security testing
Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven templates
🔒 A free, open-source platform dedicated to understand and secure GraphQL applications — all directly in your browser!
24 AI Agent Skills for professional security auditing of Supabase applications. Detection, key extraction, RLS testing, storage audit, IDOR detection, and comprehensive reporting. Works with Claude Code, Cursor, Windsurf, and 30+ AI agents.
Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.
A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk
Acunetix Enterprise is a professional web application security scanning solution for Windows with the Complete Edition delivering every premium module and advanced capability enabled. Full feature access with no usage limits — Enterprise Setup supports installation and download for production workflows.
6 Claude Code skills that automate the entire pentest lifecycle. From recon to exploit chains to bug bounty reports — just give it a domain. 43 scripts, zero dependencies, pure Python.
My cyber security notes.