OWASP / OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
☆642 · Updated last month
Alternatives and similar repositories for OFFAT
Users who are interested in OFFAT are comparing it to the libraries listed below.
- Header Exploitation HTTP ☆632 · Updated last month
- AI-powered ffuf wrapper ☆532 · Updated 9 months ago
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic… ☆453 · Updated last year
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o… ☆786 · Updated 2 weeks ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. ☆689 · Updated 4 months ago
- AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories, ☆706 · Updated last year
- SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty ☆658 · Updated 3 months ago
- Find CVEs associated with Linux and public exploits on GitHub ☆119 · Updated 4 months ago
- Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethica… ☆822 · Updated 4 months ago
- This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand! ☆367 · Updated 2 years ago
- A deliberately vulnerable banking application designed for practicing Security Testing of Web App, APIs, AI integrated App and secure cod… ☆382 · Updated last month
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning—On Your Terms. Easily distribute arbit… ☆601 · Updated last month
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo… ☆370 · Updated 3 months ago
- ☆498 · Updated last year
- This script automates SQL injection testing using SQLMap with AI-powered decision making. ☆337 · Updated this week
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers ☆346 · Updated last year
- Web Security Scanner ☆331 · Updated 2 months ago
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. ☆996 · Updated 5 months ago
- Pentest Report Generator ☆425 · Updated last week
- Pen Test Report Generation and Assessment Collaboration ☆559 · Updated this week
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers… ☆655 · Updated last year
- Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects. ☆246 · Updated 6 months ago
- API Security Vulnerability Scanner designed to help you secure your APIs. ☆167 · Updated this week
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th… ☆259 · Updated last month
- TerminatorZ is a highly sophisticated and efficient web security tool that scans for top potential vulnerabilities with known CVEs in you… ☆280 · Updated 11 months ago
- Porch Pirate is the most comprehensive Postman recon / OSINT client and framework that facilitates the automated discovery and exploitati… ☆429 · Updated last year
- LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities ☆298 · Updated last year
- LEAKEY is a bash script which checks and validates for leaked credentials. The idea behind LEAKEY is to make it highly customizable and e… ☆351 · Updated last year
- ☆487 · Updated last week
- HTTP 403 bypass tool ☆535 · Updated last year