OWASP / OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
☆624 (updated 5 months ago)
Alternatives and similar repositories for OFFAT:
Users that are interested in OFFAT are comparing it to the libraries listed below
- AI-powered ffuf wrapper (☆468, updated 5 months ago)
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o… (☆708, updated 2 weeks ago)
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. (☆634, updated last week)
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic… (☆449, updated last year)
- Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethica… (☆664, updated 3 weeks ago)
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers… (☆630, updated 10 months ago)
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th… (☆248, updated 3 months ago)
- Script to automate installation of apps, frida server and moving Burpsuite certificate to root folder (☆264, updated last year)
- Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects. (☆237, updated 2 months ago)
- Header Exploitation HTTP (☆497, updated 3 weeks ago)
- AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories, (☆638, updated last year)
- An automation tool that enumerates subdomains then filters out xss, sqli, open redirect, lfi, ssrf and rce parameters and then scans for … (☆1,214, updated 9 months ago)
- Websec interview questions by tib3rius answered (☆307, updated last year)
- Lightning-fast passive subdomain discovery tool for security professionals and bug bounty hunters. (☆284, updated last month)
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbit… (☆468, updated this week)
- A simple tool for bypassing file upload restrictions. (☆838, updated 9 months ago)
- SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty (☆580, updated last month)
- Pen Test Report Generation and Assessment Collaboration (☆516, updated last month)
- Web Security Scanner (☆315, updated 11 months ago)
- Find CVEs associated to Linux and public exploits on github (☆117, updated 2 weeks ago)
- A suite for hunting suspicious targets, expose domains and phishing discovery (☆358, updated this week)
- An Automated Subdomain Enumeration Tool (☆261, updated 6 months ago)
- An OWASP Based Checklist With 500+ Test Cases (☆730, updated 2 years ago)
- Pentest Report Generator (☆404, updated last week)
- Burp Plugin to Bypass WAFs through the insertion of Junk Data (☆1,097, updated 3 months ago)