I was searching for such resource to work as cheat sheet series and guide me through different attack scenarios for API attacks, didn’t find one, so decided to create it. We will have a reference of OWASP Top 10 project besides some other attacks that weren’t mentioned in the top 10 project.
☆15May 5, 2025Updated 10 months ago
Alternatives and similar repositories for AwesomeAPIAttacksCheatsheet
Users that are interested in AwesomeAPIAttacksCheatsheet are comparing it to the libraries listed below
Sorting:
- ☆23Mar 3, 2020Updated 6 years ago
- Personnel scripts,projects notes,hacks,random thoughts,mindmap etc....☆35Feb 14, 2025Updated last year
- 一款支持检测web应用程序未授权访问缺陷的burp suite插件,可自定义配置检测字段以及返回包json数据分析☆12Apr 22, 2024Updated last year
- Apache Airflow < 2.4.0 DAG example_bash_operator RCE POC☆41Nov 19, 2022Updated 3 years ago
- Burp extension to automatically drop requests that match a certain regex.☆10Mar 10, 2023Updated 2 years ago
- Active Directory share enumeration tool☆12Apr 28, 2025Updated 10 months ago
- A tool to search, find, and download official App Store IPA files, including past versions and tvOS versions. With a Web UI to interact w…☆17Oct 25, 2025Updated 4 months ago
- 四万多条规则,不含广告过滤,避免误杀,内含PAYPAL,TIKTOK,TELEGRAM,YOUTUBE,STREAMING (包含迪士尼奈飞亚马逊等流媒体),WEIBO分组规则,需要自己手动在小火箭里面-全局路由-分组-添加分组,需要以上哪个分组添加哪个,没添加的默认走PR…☆13Feb 4, 2023Updated 3 years ago
- A FullC2 Framework TUI + Web UI That Focuses On Network Stressing☆14Aug 24, 2025Updated 6 months ago
- ☆11Oct 10, 2020Updated 5 years ago
- ☆11Aug 25, 2018Updated 7 years ago
- powerfull pentesting tool to checking email by smtp command☆10Feb 29, 2024Updated 2 years ago
- Advanced shellcode injector for images supports BMP, GIF, EXIF (JPEG), and LSB (PNG) techniques. Includes XOR encoding, offset indexing, …☆25Jun 11, 2025Updated 8 months ago
- Multi-agent AI system using GPT-4o, DeepSeek v3, and Llama 3.3 to detect if CVE vulnerabilities were exploited as zero-days. Analyzes…☆20Feb 13, 2026Updated 3 weeks ago
- An python script that use apkleaks to scan the android application over web☆11Jun 2, 2022Updated 3 years ago
- A powerful Burp Suite extension that automatically detects JavaScript URLs from HTTP traffic, scans them using TruffleHog for secrets det…☆31Oct 23, 2025Updated 4 months ago
- ☆16Jan 23, 2026Updated last month
- Recon tool for URLs discovery☆12Jun 19, 2024Updated last year
- This small script helps to avoid using MetaSploit (msfconsole) during the Enterprise pentests and OSCP-like exams. Grep included function…☆14Mar 9, 2023Updated 2 years ago
- A GUI version of yt-dlp built in PyQt5 to make it easier to use.☆11Sep 17, 2023Updated 2 years ago
- ☆10Nov 7, 2022Updated 3 years ago
- ☆20Jan 12, 2022Updated 4 years ago
- Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc.☆12Apr 4, 2025Updated 11 months ago
- PC远控winos4.0成品☆12Sep 13, 2023Updated 2 years ago
- ☆12Apr 17, 2022Updated 3 years ago
- 一款集成了Nuclei模板管理、多空间引擎搜索的网络安全工具集。为安全研究人员提供高效的工作体验。☆22Feb 12, 2026Updated 3 weeks ago
- SAPLAR - LFI & Path Traversal Scanner☆15Mar 11, 2025Updated 11 months ago
- Random Tips and Writeups.☆15Feb 21, 2019Updated 7 years ago
- CeramicSkate0 Sysmon configuration fork file template with default high-quality event tracing☆10Sep 29, 2023Updated 2 years ago
- Virtual host bruteforcer against given network range or single ip☆11Mar 21, 2019Updated 6 years ago
- A simple CDR software for disarming malicious contents contained in documents.☆10Nov 7, 2022Updated 3 years ago
- A tool to do basic fingerprinting across a large number of hosts☆11Oct 20, 2020Updated 5 years ago
- The Proxy Auto Configuration (PAC) file dynamic generator which allows you to specify the proxying rules and the PAC-file will be generat…☆10Dec 5, 2019Updated 6 years ago
- Lightweight reflection scanner☆20Aug 31, 2025Updated 6 months ago
- A tool for identifying and exploiting vulnerable Viewstate implementations in ASP.NET☆59Dec 8, 2025Updated 2 months ago
- ☆54Nov 5, 2024Updated last year
- Go script to guess an API key / OAuth token found during pentest. CLI version of https://github.com/daffainfo/apiguesser-web/☆45Aug 28, 2022Updated 3 years ago
- A CLI utility to scan S3 buckets permissions☆14May 14, 2023Updated 2 years ago
- 🛡️ A curated collection of awesome resources, tools, and other shiny things for cybersecurity blue teams.☆12Jan 11, 2020Updated 6 years ago