Fuzzapi/API-fuzzer external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

Fuzzapi/API-fuzzer

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/Fuzzapi/API-fuzzer)

Close

Fuzzapi / API-fuzzerView on GitHubMore

• External links
• Readme badge

API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities

☆407Jul 16, 2017Updated 8 years ago

Alternatives and similar repositories for API-fuzzer

Users that are interested in API-fuzzer are comparing it to the libraries listed below

• Fuzzapi / fuzzapi

  View on GitHub
  Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem
  ☆667Feb 25, 2021Updated 5 years ago
• KissPeter / APIFuzzer

  View on GitHub
  Fuzz test your application using your OpenAPI or Swagger API definition without coding
  ☆466Mar 6, 2025Updated 11 months ago
• flipkart-incubator / Astra

  View on GitHub
  Automated Security Testing For REST API's
  ☆2,639Jun 5, 2024Updated last year
• claudioviviani / ms17-010-m4ss-sc4nn3r

  View on GitHub
  MS17-010 multithreading scanner written in python.
  ☆75May 20, 2017Updated 8 years ago
• SpiderMate / B-XSSRF

  View on GitHub
  Toolkit to detect and keep track on Blind XSS, XXE & SSRF
  ☆293Aug 23, 2019Updated 6 years ago
• mseclab / PyJFuzz

  View on GitHub
  PyJFuzz - Python JSON Fuzzer
  ☆381Aug 2, 2023Updated 2 years ago
• cujanovic / SSRF-Testing

  View on GitHub
  SSRF (Server Side Request Forgery) testing resources
  ☆2,483Oct 12, 2024Updated last year
• imperva / automatic-api-attack-tool

  View on GitHub
  Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an outp…
  ☆492May 13, 2023Updated 2 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,774Apr 26, 2024Updated last year
• andresriancho / websocket-fuzzer

  View on GitHub
  HTML5 WebSocket message fuzzer
  ☆148Nov 23, 2018Updated 7 years ago
• cujanovic / CRLF-Injection-Payloads

  View on GitHub
  Payloads for CRLF Injection
  ☆227Oct 12, 2024Updated last year
• attackercan / burp-xss-sql-plugin

  View on GitHub
  ☆44Sep 28, 2016Updated 9 years ago
• maK- / parameth

  View on GitHub
  This tool can be used to brute discover GET and POST parameters
  ☆1,393Aug 24, 2019Updated 6 years ago
• ssexxe / XXEBugFind

  View on GitHub
  A tool for detecting XML External Entity (XXE) vulnerabilities in Java applications
  ☆72Sep 4, 2014Updated 11 years ago
• PortSwigger / backslash-powered-scanner

  View on GitHub
  Finds unknown classes of injection vulnerabilities
  ☆710Apr 30, 2025Updated 10 months ago
• P3GLEG / PwnBack

  View on GitHub
  Burp Extender plugin that generates a sitemap of a website using Wayback Machine
  ☆227May 8, 2018Updated 7 years ago
• doyensec / inql

  View on GitHub
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
  ☆1,737Feb 16, 2026Updated 2 weeks ago
• chrislockard / api_wordlist

  View on GitHub
  A wordlist of API names for web application assessments
  ☆870Jun 17, 2025Updated 8 months ago
• PortSwigger / param-miner

  View on GitHub
  ☆1,407Jan 22, 2026Updated last month
• 1N3 / IntruderPayloads

  View on GitHub
  A collection of Burpsuite Intruder payloads, BurpBounty payloads, fuzz lists, malicious file uploads and web pentesting methodologies and…
  ☆3,903Sep 27, 2021Updated 4 years ago
• GrrrDog / Java-Deserialization-Cheat-Sheet

  View on GitHub
  The cheat sheet about Java Deserialization vulnerabilities
  ☆3,167May 26, 2023Updated 2 years ago
• aress31 / openapi-parser

  View on GitHub
  Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in …
  ☆206Jan 3, 2024Updated 2 years ago
• enjoiz / XXEinjector

  View on GitHub
  Tool for automatic exploitation of XXE vulnerability using direct and different out of band methods.
  ☆1,710Dec 1, 2024Updated last year
• infosec-au / altdns

  View on GitHub
  Generates permutations, alterations and mutations of subdomains and then resolves them
  ☆2,474Jan 9, 2025Updated last year
• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,091Feb 20, 2025Updated last year
• ssl / ezXSS

  View on GitHub
  ezXSS is an easy way for penetration testers and bug bounty hunters to test (blind) Cross Site Scripting.
  ☆2,244Jan 8, 2026Updated last month
• strozfriedberg / xxe-recursive-download

  View on GitHub
  ☆231Nov 18, 2015Updated 10 years ago
• bugcrowd / HUNT

  View on GitHub
  ☆2,316Dec 8, 2023Updated 2 years ago
• GerbenJavado / LinkFinder

  View on GitHub
  A python script that finds endpoints in JavaScript files
  ☆4,286Apr 13, 2024Updated last year
• anshumanbh / FASTSAM

  View on GitHub
  Framework for Automated Security Testing that is Scaleable and Asynchronous built on Microservices
  ☆18Oct 13, 2016Updated 9 years ago
• inonshk / 31-days-of-API-Security-Tips

  View on GitHub
  This challenge is Inon Shkedy's 31 days API Security Tips.
  ☆2,231Apr 20, 2022Updated 3 years ago
• ropnop / serverless_toolkit

  View on GitHub
  A collection of useful Serverless functions I use when pentesting
  ☆391Dec 9, 2022Updated 3 years ago
• h3xstream / burp-retire-js

  View on GitHub
  Burp/ZAP/Maven extension that integrate Retire.js repository to find vulnerable Javascript libraries.
  ☆210Jun 14, 2024Updated last year
• michenriksen / aquatone

  View on GitHub
  A Tool for Domain Flyovers
  ☆5,906May 22, 2022Updated 3 years ago
• jpiechowka / jenkins-cve-2016-0792

  View on GitHub
  Exploit for Jenkins serialization vulnerability - CVE-2016-0792
  ☆49Aug 2, 2017Updated 8 years ago
• nccgroup / BurpSuiteHTTPSmuggler

  View on GitHub
  A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques
  ☆736May 4, 2019Updated 6 years ago
• ant4g0nist / Susanoo

  View on GitHub
  A REST API security testing framework.
  ☆327Dec 4, 2021Updated 4 years ago
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,489Sep 4, 2025Updated 5 months ago
• Bo0oM / fuzz.txt

  View on GitHub
  Potentially dangerous files
  ☆3,274Aug 25, 2025Updated 6 months ago