#Api-security

Showing 37 of 37 repositories tagged #api-security, ranked by stars

sqlmapproject
sqlmapproject
sqlmap

Automatic SQL injection and database takeover tool

Score
0
★ 37.8k ⑂ 6.3k +43/day
Python
jassics
jassics
security-study-plan

Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...

Score
100
★ 5.0k ⑂ 628 +3/day
arainho
arainho
awesome-api-security

A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

Score
97
★ 3.9k ⑂ 649 +4/day
inonshk
inonshk
31-days-of-API-Security-Tips

This challenge is Inon Shkedy's 31 days API Security Tips.

Score
59
★ 2.2k ⑂ 350
HolyBugx
HolyBugx
HolyTips

A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.

Score
55
★ 2.0k ⑂ 335 +1/day
wallarm
wallarm
gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

Score
52
★ 1.8k ⑂ 257
Go
metlo-labs
metlo-labs
metlo

Metlo is an open-source API security platform.

Score
48
★ 1.8k ⑂ 105
TypeScript
Safe3
Safe3
uusec-waf

Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.

Score
90
★ 1.7k ⑂ 168 +2/day
Shell
openappsec
openappsec
openappsec

open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.

Score
100
★ 1.6k ⑂ 127 +3/day
C++
akto-api-security
akto-api-security
akto

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

Score
93
★ 1.5k ⑂ 285
Java
owasp-noir
owasp-noir
noir

Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.

Score
86
★ 1.3k ⑂ 141
Crystal
blst-security
blst-security
cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

Score
41
★ 1.2k ⑂ 84
Rust
Zeyad-Azima
Zeyad-Azima
Offensive-Resources

A Huge Learning Resources with Labs For Offensive Security Players

Score
72
★ 1.2k ⑂ 244 +1/day
dsopas
dsopas
MindAPI

Organize your API security assessment by using MindAPI. It's free and open for community collaboration.

Score
83
★ 877 ⑂ 165
Mehdi0x90
Mehdi0x90
Web_Hacking

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Score
79
★ 790 ⑂ 149 +4/day
wallarm
wallarm
awesome-nginx-security

🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)

Score
31
★ 783 ⑂ 75 +2/day
momenbasel
momenbasel
keyFinder

Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.

Score
76
★ 692 ⑂ 120 +2/day
JavaScript
wallarm
wallarm
api-firewall

Fast and light-weight API proxy firewall for request and response validation by OpenAPI specs.

Score
69
★ 652 ⑂ 61
Go
openclarity
openclarity
apiclarity

An API security tool to capture and analyze API traffic, test API endpoints, reconstruct Open API specification, and identify API security risks. 

Score
0
★ 576 ⑂ 74
Go
mytechnotalent
mytechnotalent
Go-Hacking

A FREE comprehensive online Go hacking tutorial utilizing the x64, ARM64 and ARM32 architectures going step-by-step into the world of reverse engineering Golang from scratch.

Score
66
★ 374 ⑂ 44 +3/day
Go
TPIsoftwareOSPO
TPIsoftwareOSPO
digiRunner-Open-Source

digiRunner: Your API Gateway for Microservices

Score
50
★ 306 ⑂ 16
Java
cerberauth
cerberauth
vulnapi

API Security Vulnerability Scanner designed to help you secure your APIs.

Score
62
★ 275 ⑂ 37 +1/day
Go
yogsec
yogsec
API-Pentesting-Tools

API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).

Score
45
★ 242 ⑂ 37 +1/day
canarybyte
canarybyte
veridrop

AI API 中转站检测工具:Claude 中转站检测、OpenAI 中转站检测、Gemini 中转站检测,中转站真伪检测、长上下文验证、思维签名验证、中转站红黑榜,自托管开源。

Score
0
★ 191 ⑂ 24 +17/day
Python
praetorian-inc
praetorian-inc
vespasian

API discovery tool that maps attack surfaces from captured traffic and generates specs for REST, GraphQL, SOAP, and WebSocket APIs

Score
38
★ 106 ⑂ 6
Go
TheSecuredAnalyst
TheSecuredAnalyst
security-suite

Open-source security suite for OSINT, web scanning, API testing, SIEM integration, and AI-powered analysis

Score
34
★ 90 ⑂ 13 +1/day
Python
abunuwas
abunuwas
fencer

Automated API security testing

Score
7
★ 87 ⑂ 12
Python
approov
approov
shipfast-api-protection

Learn practical Mobile and API security techniques: API Key, Static and Dynamic HMAC, Dynamic Certificate Pinning, and Mobile App Attestation.

Score
100
★ 84 ⑂ 13
Kotlin
Teycir
Teycir
BurpAPISecuritySuite

Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.

Score
28
★ 73 ⑂ 9
Python
praetorian-inc
praetorian-inc
hadrian

API security testing framework for REST, GraphQL, and gRPC that validates authorization logic using role-based testing and YAML-driven templates

Score
24
★ 67 ⑂ 4 +1/day
Go
Escape-Technologies
Escape-Technologies
graphql-security-academy

🔒 A free, open-source platform dedicated to understand and secure GraphQL applications — all directly in your browser!

Score
3
★ 65 ⑂ 4
Svelte
yoanbernabeu
yoanbernabeu
supabase-pentest-skills

24 AI Agent Skills for professional security auditing of Supabase applications. Detection, key extraction, RLS testing, storage audit, IDOR detection, and comprehensive reporting. Works with Claude Code, Cursor, Windsurf, and 30+ AI agents.

Score
21
★ 56 ⑂ 3 +2/day
Irench1k
Irench1k
unsafe-code

Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.

Score
17
★ 29 ⑂ 1
Python
approov
approov
AppAuth-OAuth2-Books-Demo

A companion repo for the blog article: https://blog.approov.io/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk

Score
0
★ 27 ⑂ 5
Java
GlueGeomancerStudio
GlueGeomancerStudio
Acunetix-Enterprise

Acunetix Enterprise is a professional web application security scanning solution for Windows with the Complete Edition delivering every premium module and advanced capability enabled. Full feature access with no usage limits — Enterprise Setup supports installation and download for production workflows.

Score
14
★ 20 ⑂ 0
Orizon-eu
Orizon-eu
claude-code-pentest

6 Claude Code skills that automate the entire pentest lifecycle. From recon to exploit chains to bug bounty reports — just give it a domain. 43 scripts, zero dependencies, pure Python.

Score
10
★ 15 ⑂ 5 +1/day
Python
nybble04
nybble04
cybersec-notes

My cyber security notes.

Score
0
★ 14 ⑂ 1
Related Topics
#security#cybersecurity#security-tools#pentesting#application-security#api#penetration-testing#owasp#openapi#web-security#infosec#pentest

© 2026 GitRepoTrend · GitHub repositories by topic · Updated weekly