Tools & Scanners

LogoGitHub - fatihtuzunn/api-pentesting-tool: Node.js-based API penetration testing tool with a user-friendly web interface.GitHub

OWASP OFFAT

LogoGitHub - OWASP/OFFAT: The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.GitHub

SOAPi

LogoGitHub - andrei8055/SOAPI: SOAPI - The OpenAPI Documentation ScannerGitHub

Online

LogoSign Up
LogoAPI Vulnerability Scanner | Online API security testing toolPentest-Tools.com

Burp Scan

LogoRunning API-only scansBurp_Suite

SoapUI

LogoThe World’s Most Popular API Testing Tool | SoapUI
LogoAn Introduction to API Testing with SoapUI

WSDL

LogoUse Of SoapUICSharp.com

Send request to Burp

https://bug-rider.medium.com/soapui-configuration-with-burpsuite-b082dadec5dcbug-rider.medium.com

Postman

Postman Usage
LogoInstall and update Postman | Postman Learning CenterPostman Learning Center

On DevTools, Network, right click on a API request, "Copy as cURL".

Once you have copied the desired request, open Postman. Select Import and click on the "Raw text" tab. Paste in the cURL request and select import.

API Burp Extension

Logo5 more Burp extensions for API hackingDana Epp's Blog

API Guesser

API Guesser

VulnAPI

LogoGitHub - cerberauth/vulnapi: API Security Vulnerability Scanner designed to help you secure your APIs.GitHub

AKTO

LogoGitHub - akto-api-security/akto: Proactive, Open source API security → API discovery, Testing in CI/CD, Test Library with 150+ Tests, Add custom tests, Sensitive data exposureGitHub

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

PreviousGraphQLNextResources

Last updated