RhinoSecurityLabs / Swagger-EZView external linksLinks
A tool geared towards pentesting APIs using OpenAPI definitions.
☆186Oct 27, 2022Updated 3 years ago
Alternatives and similar repositories for Swagger-EZ
Users that are interested in Swagger-EZ are comparing it to the libraries listed below
Sorting:
- ☆11Jul 28, 2020Updated 5 years ago
- Deploy a Private Burpsuite Collaborator using boto3 Python Library☆58Feb 20, 2020Updated 5 years ago
- 0x0p1n3r is set of combination of other tools and one line scripts to find subdomains easily and to check subdomain takeover☆57Dec 15, 2020Updated 5 years ago
- API testing tool written with Python☆56Feb 8, 2017Updated 9 years ago
- Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in …☆206Jan 3, 2024Updated 2 years ago
- This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd Level…☆62Jan 24, 2019Updated 7 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆303Feb 12, 2023Updated 3 years ago
- A tool for append URLs, skipping duplicates/paths & combine parameters.☆128Mar 2, 2022Updated 3 years ago
- Python3 Burp History parsing tool to discover potential SQL injection points. To be used in tandem with SQLmap.☆470Nov 14, 2019Updated 6 years ago
- ☆106Jan 3, 2023Updated 3 years ago
- Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.☆881Mar 5, 2025Updated 11 months ago
- Quiver is the tool to manage all of your tools for bug bounty hunting and penetration testing.☆214Jun 23, 2020Updated 5 years ago
- Fuzzapi is a tool used for REST API pentesting and uses API_Fuzzer gem☆669Feb 25, 2021Updated 4 years ago
- Extract parameters/paths from urls☆17Aug 2, 2020Updated 5 years ago
- Extract subdomains from rapiddns.io☆23Nov 24, 2022Updated 3 years ago
- Subvenkon is a subdomain enumerator from Venkon☆23Jun 22, 2020Updated 5 years ago
- A script to enumerate Google Storage buckets, determine what access you have to them, and determine if they can be privilege escalated.☆553May 26, 2023Updated 2 years ago
- A collection of data exfiltration scripts for Red Team assessments.☆97Feb 21, 2020Updated 5 years ago
- A tool to perform permutations, mutations and alteration of subdomains in golang.☆155Nov 24, 2023Updated 2 years ago
- Use grepaddr to extract (grep) all kinds of addresses from stdin like URLs (incl. IPv4/IPv6), IP addresses & ranges (IPv4/IPv6), e-mail a…☆66Aug 7, 2023Updated 2 years ago
- Hidden parameters discovery suite☆225Nov 14, 2022Updated 3 years ago
- Performing automated scan using Burp Suite Pro & Vmware Burp Rest API☆52Sep 30, 2022Updated 3 years ago
- Find cloud assets that no one wants exposed 🔎 ☁️☆349Jul 20, 2020Updated 5 years ago
- Quickly generate context-specific wordlists for content discovery from lists of URLs or paths☆239May 4, 2022Updated 3 years ago
- Filter and enrich a list of subdomains by level☆210Sep 25, 2023Updated 2 years ago
- Basic implementation of certstream to print new subdomains and domains☆36Jul 6, 2021Updated 4 years ago
- OASAM is the acronym of Open Android Security Assessment Methodology and its purpose is to become a reference framework on Android applic…☆85Apr 11, 2022Updated 3 years ago
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆647Nov 21, 2019Updated 6 years ago
- Obtain GraphQL API schema even if the introspection is disabled☆1,380Dec 5, 2025Updated 2 months ago
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…☆1,723Feb 5, 2026Updated last week
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,771Apr 26, 2024Updated last year
- The AWS exploitation framework, designed for testing the security of Amazon Web Services environments.☆5,057Nov 8, 2025Updated 3 months ago
- Multi-cloud OSINT tool. Enumerate public resources in AWS, Azure, and Google Cloud.☆2,012Jul 12, 2025Updated 7 months ago
- ☆31Apr 6, 2021Updated 4 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c…☆562Aug 25, 2022Updated 3 years ago
- ☆58Sep 27, 2022Updated 3 years ago
- Unpack a JavaScript Source Map back into filesystem structure☆185Oct 9, 2020Updated 5 years ago
- 🔑 Authz0 is an automated authorization test tool. Unauthorized access can be identified based on URLs and Roles & Credentials.☆426Dec 5, 2025Updated 2 months ago
- Mass querying whois records☆29Dec 28, 2021Updated 4 years ago