# Tools & Scanners

## api-pentesting-tool

{% embed url="<https://github.com/fatihtuzunn/api-pentesting-tool>" %}

## OWASP OFFAT

{% embed url="<https://github.com/OWASP/OFFAT>" %}

<figure><img src="https://4199783661-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-MFF3hT6DtJlHn9jAel9%2Fuploads%2Frh15p6AsBCr7zMoNhzvl%2Fimage.png?alt=media&#x26;token=22780576-cc25-4e09-8376-9b3e9a8b96ca" alt=""><figcaption></figcaption></figure>

## SOAPi

{% embed url="<https://github.com/andrei8055/SOAPI>" %}

## Online

{% embed url="<https://www.apisec.ai/sign-up>" %}

{% embed url="<https://pentest-tools.com/website-vulnerability-scanning/api-scanner>" %}

## Burp Scan

{% embed url="<https://portswigger.net/burp/documentation/desktop/running-scans/api-scans>" %}

## SoapUI

{% embed url="<https://www.soapui.org/tools/soapui/>" %}

{% embed url="<https://www.soapui.org/getting-started/introduction/>" %}

Loading a WSDL into SoapUI:

{% embed url="<https://www.csharp.com/UploadFile/430b84/use-of-soap-ui/>" %}

Proxying SoapUI requests through Burp:

{% embed url="<https://bug-rider.medium.com/soapui-configuration-with-burpsuite-b082dadec5dc>" %}

## Postman

{% content-ref url="postman-usage" %}
[postman-usage](https://0xss0rz.gitbook.io/0xss0rz/pentest/api/postman-usage)
{% endcontent-ref %}

{% embed url="<https://learning.postman.com/docs/getting-started/installation/installation-and-updates/>" %}

In the browser DevTools, open the Network tab, right-click the API request and choose "Copy as cURL".

Once you have copied the desired request, open Postman, select Import, click the "Raw text" tab, paste the cURL command and import it. The copied command carries every header the browser sent, including `cookie` and `authorization`, so scrub those before sharing or committing the resulting collection.
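The "Copy as cURL" to Postman step above, as an added example that is not code from this page or from Postman: the script parses a cURL command in the shape DevTools produces (sample command constructed here, not a real capture), builds the same Postman Collection v2.1 document that the Raw text importer would, and flags the credential-bearing headers the browser copied along so they can be swapped for collection variables instead of being baked into the file.

```python
"""Turn a browser "Copy as cURL" command into a Postman Collection v2.1 item.

Added example, not code from the page or from Postman. The cURL command below
is constructed sample input in the form Chrome/Firefox DevTools emit.
"""
import json
import shlex
from urllib.parse import parse_qsl, urlsplit

# Constructed sample request (hypothetical host api.example.test).
SAMPLE_CURL = r"""curl 'https://api.example.test/v1/users/42/orders?page=2' \
  -X 'PUT' \
  -H 'accept: application/json' \
  -H 'authorization: Bearer eyJhbGciOiJIUzI1NiJ9.e30.c2FtcGxl' \
  -H 'content-type: application/json' \
  -H 'cookie: session=abc123; csrftoken=deadbeef' \
  --data-raw '{"status":"shipped"}'"""

# Headers that carry credentials; replace them before sharing a collection.
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key", "proxy-authorization"}


def parse_curl(command):
    """Parse a "Copy as cURL" command into method, url, headers and body.

    Only the options DevTools emits are handled: -X/--request, -H/--header,
    the --data variants, and argument-less flags such as --compressed.
    """
    # shlex would keep an escaped newline as a token, so join continuations first.
    tokens = shlex.split(command.replace("\\\n", " "))
    if not tokens or tokens[0] != "curl":
        raise ValueError("not a curl command")
    req = {"method": None, "url": None, "headers": [], "body": None}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("-X", "--request"):
            req["method"] = tokens[i + 1].upper()
            i += 2
        elif tok in ("-H", "--header"):
            name, _, value = tokens[i + 1].partition(":")
            req["headers"].append((name.strip().lower(), value.strip()))
            i += 2
        elif tok in ("-d", "--data", "--data-raw", "--data-binary"):
            req["body"] = tokens[i + 1]
            i += 2
        elif tok.startswith("-"):
            i += 1  # flag without an argument, e.g. --compressed
        else:
            req["url"] = tok  # the bare positional argument is the URL
            i += 1
    if req["url"] is None:
        raise ValueError("no URL in curl command")
    # curl's own default: POST when a body is present, GET otherwise.
    if req["method"] is None:
        req["method"] = "POST" if req["body"] is not None else "GET"
    return req


def postman_url(url):
    """Expand a URL into the structured form stored in v2.1 collections."""
    parts = urlsplit(url)
    out = {
        "raw": url,
        "protocol": parts.scheme,
        "host": parts.hostname.split("."),
        "path": [seg for seg in parts.path.split("/") if seg],
        "query": [{"key": k, "value": v}
                  for k, v in parse_qsl(parts.query, keep_blank_values=True)],
    }
    if parts.port:
        out["port"] = str(parts.port)
    return out


def to_postman_collection(req, name="Imported request", redact=True):
    """Build a Postman Collection v2.1 document holding the single request.

    Returns the collection and the list of sensitive header names found.
    With redact=True those headers become {{variables}} so the secret never
    lands in the exported JSON.
    """
    headers, findings = [], []
    for key, value in req["headers"]:
        if key in SENSITIVE_HEADERS:
            findings.append(key)
            if redact:
                value = "{{%s}}" % key.replace("-", "_")
        headers.append({"key": key, "value": value})
    request = {"method": req["method"], "header": headers, "url": postman_url(req["url"])}
    if req["body"] is not None:
        request["body"] = {"mode": "raw", "raw": req["body"]}
    collection = {
        "info": {
            "name": name,
            "schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
        },
        "item": [{"name": name, "request": request}],
    }
    return collection, findings


if __name__ == "__main__":
    parsed = parse_curl(SAMPLE_CURL)
    collection, found = to_postman_collection(parsed)
    print("credential headers replaced by variables:", ", ".join(found))
    print(json.dumps(collection, indent=2))
```

Save the printed JSON and import it with Postman's File tab, then set the `authorization` and `cookie` variables in an environment rather than in the collection itself; that keeps the token out of anything you hand to a teammate or push to a repo.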

## API Burp Extensions

{% embed url="<https://danaepp.com/5-more-burp-extensions-for-api-hacking>" %}

## API Guesser

{% embed url="<https://api-guesser.netlify.app/>" %}

## VulnAPI

{% embed url="<https://github.com/cerberauth/vulnapi>" %}

## AKTO

{% embed url="<https://github.com/akto-api-security/akto>" %}

## Interesting Books

{% content-ref url="../../interesting-books" %}
[interesting-books](https://0xss0rz.gitbook.io/0xss0rz/interesting-books)
{% endcontent-ref %}

{% hint style="info" %}
**Disclaimer**: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.
{% endhint %}

* [**Hacking APIs: Breaking Web Application Programming Interfaces**](https://www.amazon.fr/dp/1718502443?tag=0xss0rz-21)\
  A crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
* [**Black Hat GraphQL: Attacking Next Generation APIs**](https://www.amazon.fr/dp/B0B7Q8BYG1?tag=0xss0rz-21)\
  This hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

## Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

[![ko-fi](https://ko-fi.com/img/githubbutton_sm.svg)](https://ko-fi.com/Y8Y41FQ2GA)

[![buymeacoffee](https://cdn.buymeacoffee.com/buttons/v2/default-yellow.png)](https://buymeacoffee.com/0xss0rz)
