imperva/automatic-api-attack-tool external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

imperva/automatic-api-attack-tool

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/imperva/automatic-api-attack-tool)

Close

imperva / automatic-api-attack-toolView on GitHubMore

• External links
• Readme badge

Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.

☆492May 13, 2023Updated 2 years ago

Alternatives and similar repositories for automatic-api-attack-tool

Users that are interested in automatic-api-attack-tool are comparing it to the libraries listed below

• flipkart-incubator / Astra

  View on GitHub
  Automated Security Testing For REST API's
  ☆2,639Jun 5, 2024Updated last year
• laconicwolf / cors-scanner

  View on GitHub
  A multi-threaded scanner that helps identify CORS flaws/misconfigurations
  ☆19Nov 18, 2019Updated 6 years ago
• BBVA / apicheck

  View on GitHub
  The DevSecOps toolset for REST APIs
  ☆278Jan 13, 2023Updated 3 years ago
• doyensec / inql

  View on GitHub
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
  ☆1,737Feb 16, 2026Updated 2 weeks ago
• jaeles-project / jaeles

  View on GitHub
  The Swiss Army knife for automated Web Application Testing
  ☆2,322May 8, 2024Updated last year
• assetnote / kiterunner

  View on GitHub
  Contextual Content Discovery Tool
  ☆3,096Apr 29, 2024Updated last year
• inonshk / 31-days-of-API-Security-Tips

  View on GitHub
  This challenge is Inon Shkedy's 31 days API Security Tips.
  ☆2,231Apr 20, 2022Updated 3 years ago
• wagiro / BurpBounty

  View on GitHub
  Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…
  ☆1,774Apr 26, 2024Updated last year
• Damian89 / extended-ssrf-search

  View on GitHub
  Smart ssrf scanner using different methods like parameter brute forcing in post and get...
  ☆279Feb 11, 2021Updated 5 years ago
• hahwul / XSpear

  View on GitHub
  🔱 Powerfull XSS Scanning and Parameter analysis tool&gem
  ☆1,353Sep 27, 2022Updated 3 years ago
• Fuzzapi / API-fuzzer

  View on GitHub
  API Fuzzer which allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities
  ☆407Jul 16, 2017Updated 8 years ago
• RandomRobbieBF / phpunit-brute

  View on GitHub
  Tool to try multiple paths for PHPunit RCE CVE-2017-9841
  ☆29Oct 18, 2021Updated 4 years ago
• gquere / pwn_jenkins

  View on GitHub
  Notes about attacking Jenkins servers
  ☆2,090Jul 10, 2024Updated last year
• swisskyrepo / GraphQLmap

  View on GitHub
  GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
  ☆1,631Mar 11, 2024Updated last year
• fcavallarin / domdig

  View on GitHub
  DOM XSS scanner for Single Page Applications
  ☆415Nov 15, 2025Updated 3 months ago
• 0xsha / ProxyFor

  View on GitHub
  Validate proxies for specific domain
  ☆38Aug 14, 2021Updated 4 years ago
• proabiral / inception

  View on GitHub
  A highly configurable Framework for easy automated web scanning
  ☆381Jul 13, 2020Updated 5 years ago
• snoopysecurity / awesome-burp-extensions

  View on GitHub
  A curated list of amazingly awesome Burp Extensions
  ☆3,372Feb 17, 2026Updated last week
• defparam / smuggler

  View on GitHub
  Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3
  ☆2,062Jan 2, 2024Updated 2 years ago
• pwnfoo / NTLMRecon

  View on GitHub
  Enumerate information from NTLM authentication enabled web endpoints 🔎
  ☆504Sep 23, 2025Updated 5 months ago
• emadshanab / 971-MB-content_discovery_wordlist

  View on GitHub
  Collection of content discovery wordlists in one wordlist.
  ☆38Jan 18, 2022Updated 4 years ago
• j3ssie / osmedeus

  View on GitHub
  A Modern Orchestration Engine for Security
  ☆6,109Feb 19, 2026Updated last week
• ivision-research / vulnerable-graphql-api

  View on GitHub
  A very vulnerable implementation of a GraphQL API.
  ☆61Nov 12, 2021Updated 4 years ago
• laconicwolf / burp-extensions

  View on GitHub
  A collection of scripts to extend Burp Suite
  ☆142Apr 8, 2019Updated 6 years ago
• BishopFox / GadgetProbe

  View on GitHub
  Probe endpoints consuming Java serialized objects to identify classes, libraries, and library versions on remote Java classpaths.
  ☆613Mar 4, 2021Updated 4 years ago
• NetSPI / AWSSigner

  View on GitHub
  Burp Extension for AWS Signing
  ☆90Jan 10, 2025Updated last year
• twelvesec / BearerAuthToken

  View on GitHub
  This burpsuite extender provides a solution on testing Enterprise applications that involve security Authorization tokens into every HTTP…
  ☆47Feb 27, 2019Updated 7 years ago
• s0md3v / Arjun

  View on GitHub
  HTTP parameter discovery suite.
  ☆6,091Feb 20, 2025Updated last year
• ticarpi / jwt_tool

  View on GitHub
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,389May 1, 2025Updated 10 months ago
• m4ll0k / Atlas

  View on GitHub
  Quick SQLMap Tamper Suggester
  ☆1,397Jul 18, 2022Updated 3 years ago
• microsoft / restler-fuzzer

  View on GitHub
  RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security…
  ☆2,868Feb 13, 2026Updated 2 weeks ago
• SpiderMate / B-XSSRF

  View on GitHub
  Toolkit to detect and keep track on Blind XSS, XXE & SSRF
  ☆293Aug 23, 2019Updated 6 years ago
• aas-n / spraykatz

  View on GitHub
  Credentials gathering tool automating remote procdump and parse of lsass process.
  ☆782Jun 20, 2020Updated 5 years ago
• swisskyrepo / SSRFmap

  View on GitHub
  Automatic SSRF fuzzer and exploitation tool
  ☆3,489Sep 4, 2025Updated 5 months ago
• ameenmaali / qsfuzz

  View on GitHub
  qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.
  ☆303Feb 12, 2023Updated 3 years ago
• SilverPoision / Rock-ON

  View on GitHub
  Rock-On is a all in one Recon tool that will just get a single entry of the Domain name and do all of the work alone.
  ☆294Nov 30, 2019Updated 6 years ago
• maK- / parameth

  View on GitHub
  This tool can be used to brute discover GET and POST parameters
  ☆1,393Aug 24, 2019Updated 6 years ago
• redhuntlabs / BurpSuite-Asset_Discover

  View on GitHub
  Burp Suite extension to discover assets from HTTP response.
  ☆232Jan 22, 2025Updated last year
• pry0cc / axiom

  View on GitHub
  The dynamic infrastructure framework for everybody! Distribute the workload of many different scanning tools with ease, including nmap, f…
  ☆4,350Sep 30, 2024Updated last year