OWASP / OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
☆634 Updated last week
Alternatives and similar repositories for OFFAT
Users who are interested in OFFAT are comparing it to the libraries listed below.
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. ☆661 Updated 2 months ago
- AI-powered ffuf wrapper ☆503 Updated 7 months ago
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o… ☆734 Updated 2 weeks ago
- Header Exploitation HTTP ☆507 Updated last month
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic… ☆450 Updated last year
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbit… ☆523 Updated 2 weeks ago
- 🚀 Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the c… ☆212 Updated 2 years ago
- API Security Vulnerability Scanner designed to help you secure your APIs. ☆149 Updated this week
- A browser extension that allows you to monitor, intercept, and debug JavaScript sinks based on customizable configurations. ☆590 Updated 3 months ago
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers… ☆637 Updated last year
- Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects. ☆240 Updated 4 months ago
- AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories, ☆652 Updated last year
- Create your own vulnerable by design AWS penetration testing playground ☆382 Updated 2 months ago
- ☆463 Updated 5 months ago
- Web Security Scanner ☆323 Updated 2 weeks ago
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th… ☆253 Updated last week
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable … ☆642 Updated last year
- Websec interview questions by tib3rius answered ☆309 Updated last year
- ☆663 Updated last year
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers ☆342 Updated last year
- SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty ☆619 Updated last month
- A tool to quickly do keyword searches over Gitlab and Github for OSINT & bug bounty recon ☆239 Updated last year
- ☆545 Updated last year
- Repository of Bug-Bounty Writeups ☆305 Updated 2 weeks ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo… ☆360 Updated last month
- An Automated Subdomain Enumeration Tool ☆264 Updated 8 months ago
- Security Auditor Utility for GraphQL APIs ☆477 Updated 4 months ago
- ☆490 Updated last year
- IDOR Forge is an advanced and versatile tool designed to detect Insecure Direct Object Reference (IDOR) vulnerabilities in web applicatio… ☆139 Updated last month
- BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for c… ☆421 Updated 5 months ago