π Join us for 30days of daily API security tests. #30days30tests We've spent last 120days building amazing API security tests for the community. Next 30 days we will post test tutorials here.
β219May 22, 2023Updated 2 years ago
Alternatives and similar repositories for 30-API-security-tests
Users that are interested in 30-API-security-tests are comparing it to the libraries listed below
Sorting:
- A simple Burp Suite extension to crawl JavaScript (JS) files in passive mode and display the results directly on the issuesβ374Jul 25, 2023Updated 2 years ago
- Proactive, Open source API security β API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom teβ¦β1,454Updated this week
- User-Agent , X-Forwarded-For and Referer SQLI Fuzzerβ382May 19, 2023Updated 2 years ago
- Burp Extension to find potential endpoints, parameters, and generate a custom target wordlistβ1,500Jan 8, 2026Updated last month
- Smart context-based SSRF vulnerability scanner.β360May 5, 2022Updated 3 years ago
- β₯β177Sep 7, 2025Updated 6 months ago
- The motive to build this repo is to help beginner to start learn Android Pentesting by providing a roadmap.β436Jul 11, 2022Updated 3 years ago
- β18Apr 3, 2023Updated 2 years ago
- A Powerful Sensor Tool to discover login panels, and POST Form SQLi Scanningβ523Jul 5, 2023Updated 2 years ago
- Run ffuf with the appropriate options to brute-force the directories using the awesome different wordlists.β25Apr 19, 2023Updated 2 years ago
- A OWASP Based Checklist With 80+ Test Casesβ156Oct 26, 2022Updated 3 years ago
- Crawlex is a powerful Chrome extension designed to assist bug bounty hunters in their work by enabling easy crawling of all possible URLsβ¦β12May 28, 2023Updated 2 years ago
- jsleak is a tool to find secret , paths or links in the source code during the recon.β577Sep 25, 2025Updated 5 months ago
- Authorization-Nuclei-Templatesβ39Sep 16, 2024Updated last year
- Simple python script supported with BurpBouty profile that helps you to detect SQL injection "Error based" by sending multiple requests wβ¦β631Feb 22, 2026Updated 2 weeks ago
- β251May 25, 2021Updated 4 years ago
- i will upload more templates here to share with the comunity.β567Apr 17, 2024Updated last year
- β15May 6, 2023Updated 2 years ago
- Mind-Maps of Several Thingsβ2,625Jun 29, 2023Updated 2 years ago
- Scanner for CVE-2023-22515 - Broken Access Control Vulnerability in Atlassian Confluenceβ77Oct 6, 2023Updated 2 years ago
- This is a Burp Suite extension that allows users to easily add web addresses to the Burp Suite scope.β97Jan 2, 2025Updated last year
- β22Apr 30, 2023Updated 2 years ago
- A cheat sheet that contains advanced queries for SQL Injection of all types.β3,154May 13, 2023Updated 2 years ago
- Stay on the beat with SubHound - receive notifications for new subdomains on Telegram and Discord! πΆπ΅β17Jun 4, 2023Updated 2 years ago
- A Burp Extension that makes it easier to view all script code on a Response.β17Nov 12, 2023Updated 2 years ago
- Automated tool for domains & subdomains gatheringβ191Jan 30, 2026Updated last month
- This repository contain a lot of web and api vulnerability checklist , a lot of vulnerability ideas and tips from twitterβ3,266Feb 10, 2024Updated 2 years ago
- This Repositories contains list of One Liners with Descriptions and Installation requirementsβ500Jun 28, 2025Updated 8 months ago
- β20Apr 5, 2023Updated 2 years ago
- Generate tens of thousands of subdomain combinations in a matter of secondsβ273Sep 25, 2023Updated 2 years ago
- Real-world infosec wordlists, updated regularlyβ1,642Updated this week
- β1,116Jul 26, 2023Updated 2 years ago
- A path-normalization pentesting tool.β151Jan 22, 2026Updated last month
- It grep subdomains, email/username, build custom wordlist etc from gau resultsβ50Nov 4, 2022Updated 3 years ago
- This challenge is Inon Shkedy's 31 days API Security Tips.β2,231Apr 20, 2022Updated 3 years ago
- Jeeves SQLI Finderβ215May 13, 2022Updated 3 years ago
- Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokensβ¦β5,223Jan 31, 2026Updated last month
- AutoRecon-XSS is a script designed for automated reconnaissance of XSS vulnerabilities. It crawls the target URL or alive domains, extracβ¦β133Feb 27, 2024Updated 2 years ago
- A command-line utility for auditing DNS configuration using Zonemaster APIβ32Aug 21, 2023Updated 2 years ago