Tools & Scanners

GitHub - fatihtuzunn/api-pentesting-tool: Node.js-based API penetration testing tool with a user-friendly web interface.GitHub

OWASP OFFAT

GitHub - OWASP/OFFAT: The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.GitHub

SOAPi

GitHub - andrei8055/SOAPI: SOAPI - The OpenAPI Documentation ScannerGitHub

Online

Test Your API for Free | Instant API Vulnerability Scan by APIsecwww.apisec.ai

API Vulnerability Scanner | Online API security testing toolPentest-Tools.com

Burp Scan

Running API-only scans - PortSwiggerBurp_Suite

SoapUI

The World’s Most Popular API Testing Tool | SoapUIwww.soapui.org

Getting Started With SoapUISoapUI Docs

WSDL

Use Of SoapUIC# Corner

Send request to Burp

SoapUI configuration with BurpSuiteMedium

Postman

Postman Usage

Install and update Postman | Postman DocsPostman Docs

On DevTools, Network, right click on a API request, "Copy as cURL".

Once you have copied the desired request, open Postman. Select Import and click on the "Raw text" tab. Paste in the cURL request and select import.

API Burp Extension

5 more Burp extensions for API hackingDana Epp's Blog

API Guesser

API Guesserapi-guesser.netlify.app

VulnAPI

GitHub - cerberauth/vulnapi: API Security Vulnerability Scanner designed to help you secure your APIs.GitHub

AKTO

GitHub - akto-api-security/akto: Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposureGitHub

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

Hacking APIs: Breaking Web Application Programming Interfaces A crash course in web API security testing that will prepare you to penetration-test APIs, reap high rewards on bug bounty programs, and make your own APIs more secure.
Black Hat GraphQL: Attacking Next Generation APIs This hands-on book teaches penetration testers how to identify vulnerabilities in apps that use GraphQL, a data query and manipulation language for APIs adopted by major companies like Facebook and GitHub.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.

PreviousGraphQL NextResources

Last updated 7 months ago

hashtagOWASP OFFAT

hashtagSOAPi

hashtagOnline

hashtagBurp Scan

hashtagSoapUI

hashtagPostman

hashtagAPI Burp Extension

hashtagAPI Guesser

hashtagVulnAPI

hashtagAKTO

hashtagInteresting Books

hashtagSupport this Gitbook