OWASP / OFFAT
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
☆657 Updated 4 months ago
Alternatives and similar repositories for OFFAT
Users that are interested in OFFAT are comparing it to the libraries listed below
- SessionProbe is a multi-threaded tool designed for penetration testing and bug bounty hunting. It evaluates user privileges in web applic… ☆463 Updated last year
- API Security Vulnerability Scanner designed to help you secure your APIs. ☆231 Updated last week
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o… ☆894 Updated last week
- A powerful scanner to scan your Filesystem, S3, MySQL, Redis, Google Cloud Storage and Firebase storage for PII and sensitive data. ☆467 Updated last week
- Web Security Scanner ☆366 Updated 2 months ago
- Header Exploitation HTTP ☆698 Updated last month
- AI-powered ffuf wrapper ☆636 Updated last month
- API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs). ☆230 Updated 9 months ago
- The Internets #1 Subdomain Takeover Tool ☆293 Updated 7 months ago
- SubDominator helps you discover subdomains associated with a target domain efficiently and with minimal impact for your Bug Bounty ☆713 Updated 8 months ago
- This script automates SQL injection testing using SQLMap with AI-powered decision making. ☆385 Updated 2 months ago
- Damn Vulnerable Restaurant is an intentionally vulnerable Web API game for learning and training purposes dedicated to developers, ethica… ☆878 Updated 2 weeks ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. ☆712 Updated this week
- JWT Auditor – Analyze, break, and understand your tokens like a pro. ☆487 Updated last month
- Pen Test Report Generation and Assessment Collaboration ☆586 Updated last month
- This repo tries to explain complex security vulnerabilities in simple terms that even a five-year-old can understand! ☆368 Updated 2 years ago
- TInjA is a CLI tool for testing web pages for template injection vulnerabilities and supports 44 of the most relevant template engines fo… ☆399 Updated 3 weeks ago
- Find CVEs associated to Linux and public exploits on github ☆119 Updated 9 months ago
- Simple tool to scan a website for (DOM-based) XSS vulnerabilities and Open Redirects. ☆255 Updated 11 months ago
- A fuzzer for finding anomalies and analyzing how servers respond to different HTTP headers ☆355 Updated 2 years ago
- Subprober is a powerful and efficient subdomain scanning tool written in Python. With the ability to handle large lists of subdomains. Th… ☆262 Updated 6 months ago
- Pentest Report Generator ☆440 Updated 2 months ago
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning-On Your Terms. Easily distribute arbit… ☆705 Updated 3 weeks ago
- Websec interview questions by tib3rius answered ☆307 Updated 2 years ago
- AllForOne allows bug bounty hunters and security researchers to collect all Nuclei YAML templates from various public repositories, ☆730 Updated last year
- Mantis is a security framework that automates the workflow of discovery, reconnaissance, and vulnerability scanning. ☆1,011 Updated 10 months ago
- RedCloudOS is a Cloud Adversary Simulation Operating System for Red Teams to assess the Cloud Security of Leading Cloud Service Providers… ☆671 Updated last year
- LFI-FINDER is an open-source tool available on GitHub that focuses on detecting Local File Inclusion (LFI) vulnerabilities ☆300 Updated 2 years ago
- A suite for hunting suspicious targets, expose domains and phishing discovery ☆373 Updated last month
- DockerSpy searches for images on Docker Hub and extracts sensitive information such as authentication secrets, private keys, and more. ☆243 Updated last year