imperva / automatic-api-attack-tool
Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
☆470Updated last year
Alternatives and similar repositories for automatic-api-attack-tool:
Users that are interested in automatic-api-attack-tool are comparing it to the libraries listed below
- DOM XSS scanner for Single Page Applications☆403Updated this week
- Security Testing Scripts for JWT☆312Updated 2 years ago
- ☆980Updated 2 months ago
- Fetches javascript file from a list of URLS or subdomains.☆760Updated last year
- Finds unknown classes of injection vulnerabilities☆657Updated last week
- This Lab contain the sample codes which are vulnerable to Server-Side Request Forgery attack☆706Updated last year
- Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security prof…☆413Updated 4 years ago
- List DTDs and generate XXE payloads using those local DTDs.☆621Updated last year
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.☆373Updated 3 years ago
- BurpSuite Extension: A one-stop pen testing checklist and logger tool☆265Updated 2 years ago
- This repository contains all the supplement material for the book "The art of sub-domain enumeration"☆645Updated 6 years ago
- Lesser Known Web Attack Lab☆330Updated 5 years ago
- A Burp Suite extension to help pentesters to bypass WAFs or test their effectiveness using a number of techniques☆721Updated 5 years ago
- API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities☆392Updated 7 years ago
- Web App bug hunting☆561Updated 3 weeks ago
- REST/JSON API to the Burp Suite security tool.☆555Updated 10 months ago
- Tool to help exploit XXE vulnerabilities☆556Updated 2 years ago
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆860Updated 3 years ago
- BFAC (Backup File Artifacts Checker): An automated tool that checks for backup artifacts that may disclose the web-application's source c…☆547Updated 2 years ago
- Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists☆721Updated 2 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆300Updated 2 years ago
- Client Side Prototype Pollution Scanner☆517Updated 2 years ago
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆527Updated 6 years ago
- Second-order subdomain takeover scanner☆386Updated 2 years ago
- Tool to check for dependency confusion vulnerabilities in multiple package management systems☆717Updated 7 months ago
- An automated target reconnaissance pipeline.☆429Updated 2 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆350Updated 4 years ago
- HTTP file upload scanner for Burp Proxy☆403Updated last year
- A wordlist of API names for web application assessments☆801Updated last month
- Extension for Burp Suite which uses AWS API Gateway to rotate your IP on every request.☆837Updated 3 weeks ago