imperva / automatic-api-attack-tool
Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
☆468Updated last year
Alternatives and similar repositories for automatic-api-attack-tool:
Users that are interested in automatic-api-attack-tool are comparing it to the libraries listed below
- An automated approach to performing recon for bug bounty hunting and penetration testing.☆440Updated 4 years ago
- DOM XSS scanner for Single Page Applications☆402Updated 7 months ago
- This repository contains all the supplement material for the book "The art of sub-domain enumeration"☆642Updated 6 years ago
- BurpSuite Extension: A one-stop pen testing checklist and logger tool☆265Updated last year
- NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.☆372Updated 3 years ago
- Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"☆348Updated 4 years ago
- An automated target reconnaissance pipeline.☆429Updated 2 years ago
- Second-order subdomain takeover scanner☆385Updated last year
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices☆622Updated 3 months ago
- Web App bug hunting☆556Updated 8 months ago
- Web Application Security Automation Framework which recons the target for various assets to maximize the attack surface for security prof…☆412Updated 4 years ago
- Security Testing Scripts for JWT☆312Updated 2 years ago
- Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the ac…☆1,710Updated 10 months ago
- List DTDs and generate XXE payloads using those local DTDs.☆619Updated last year
- A tool geared towards pentesting APIs using OpenAPI definitions.☆174Updated 2 years ago
- Subdomain Takeover Scanner | Subdomain Takeover Tool | by 0x94☆358Updated last year
- This repository contains all the XSS cheatsheet data to allow contributions from the community.☆416Updated 3 months ago
- ☆975Updated last month
- An exhaustive list of all the possible ways you can chain your Blind SSRF vulnerability☆851Updated 3 years ago
- Smart ssrf scanner using different methods like parameter brute forcing in post and get...☆275Updated 4 years ago
- Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed b…☆997Updated 4 years ago
- vulnerable OAuth 2.0 applications: understand the security implications of your OAuth 2.0 decisions.☆309Updated 11 months ago
- Python based scanner to find potential SSRF parameters☆313Updated last week
- bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.☆527Updated 2 years ago
- Cloud Container Attack Tool (CCAT) is a tool for testing security of container environments.☆616Updated 5 years ago
- qsfuzz (Query String Fuzz) allows you to build your own rules to fuzz query strings and easily identify vulnerabilities.☆300Updated 2 years ago
- An hourly updated list of subdomains gathered from certificate transparency logs☆342Updated 3 years ago
- Wordlists that have been compiled using Commonspeak2. This repo is updated every time new wordlists are generated.☆525Updated 6 years ago
- Finds unknown classes of injection vulnerabilities☆652Updated last year
- ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on sc…☆318Updated 4 months ago