Alternatives and similar repositories for vulnerable-api:

Users that are interested in vulnerable-api are comparing it to the libraries listed below

• JGillam / burp-paramalyzer
  Paramalyzer - Burp extension for parameter analysis of large-scale web application penetration tests.
  ☆156Updated last month
• jorritfolmer / vulnerable-api
  Enhanced fork with logging, OpenAPI 3.0 and Python 3 for security monitoring workshops
  ☆42Updated last year
• secdec / attack-surface-detector-burp
  The Attack Surface Detector uses static code analyses to identify web app endpoints by parsing routes and identifying parameters
  ☆102Updated last year
• rahulunair / vulnerable-api
  This repository contains an example Python API that is vulnerable to several different web API attacks.
  ☆27Updated 6 years ago
• PortSwigger / aws-security-checks
  AWS Security Checks
  ☆39Updated 7 years ago
• gocaio / sct
  Security checks for http headers and cookies
  ☆25Updated 4 years ago
• Vanshal / AWAE-PREP
  ☆17Updated 3 years ago
• chennylmf / OWASP-Web-App-Pentesting-checklists
  ☆71Updated 4 years ago
• fellchase / flumberboozle
  Suite of programs meant to aid in bug hunting and security assessments
  ☆76Updated 5 years ago
• codewatchorg / Burp-UserAgent
  Automatically modify the User-Agent header in all Burp requests
  ☆56Updated 7 years ago
• devanshbatham / CertEagle
  Weaponizing Live CT logs for automated monitoring of assets
  ☆133Updated 3 years ago
• lc / brute53
  A tool to bruteforce nameservers when working with subdomain delegations to AWS.
  ☆58Updated 5 years ago
• ozguralp / synackapi
  ☆61Updated 8 months ago
• tdr130 / assetnote
  Push notifications for passive DNS data
  ☆109Updated 9 years ago
• In3tinct / Taken
  Takeover AWS ips and have a working POC for Subdomain Takeover.
  ☆91Updated 2 months ago
• war-and-code / akamai-arl-hack
  Script to test open Akamai ARL vulnerability.
  ☆71Updated 3 years ago
• JordyZomer / autoSubTakeover
  A tool used to check if a CNAME resolves to the scope address. If the CNAME resolves to a non-scope address it might be worth checking ou…
  ☆132Updated last year
• LewisArdern / metasecjs
  MetaSec.js combines all the free open-source security tools to identify issues with JavaScript and automates the boring parts
  ☆80Updated 2 years ago
• incogbyte / jsearch
  ☆30Updated 4 years ago
• lc / jenkinz
  jenkinz is a tool to retrieve every build for every job ever created and run on a given Jenkins instance.
  ☆67Updated 5 years ago
• righettod / burp-piper-custom-scripts
  Custom scripts for the PIPER Burp extensions.
  ☆98Updated last year
• szski / shapeshifter
  GraphQL security testing tool
  ☆122Updated 3 years ago
• sorokinpf / ApiWordlistGenerator
  Generate wordlists for fuzzing API method names
  ☆54Updated 4 years ago
• MistSpark / DNS-Wordlists
  part of my wordlist to bruteforce DNS to find subdoamains.
  ☆62Updated 3 years ago
• Leoid / AWSBurpCollaborator
  Deploy a Private Burpsuite Collaborator using boto3 Python Library
  ☆57Updated 5 years ago
• shivsahni / NSBrute
  Python utility to takeover domains vulnerable to AWS NS Takeover
  ☆87Updated 2 years ago
• defparam / h1passets
  List HackerOne private program assets
  ☆150Updated 3 years ago
• securityidiots / CollabOzark
  CollabOzark is a simple tool which helps the researchers track SSRF, RCE, Blind XSS, XXE, External Resource Access payloads triggers.
  ☆137Updated 5 years ago
• appsecco / practical-recon-levelup0x02
  This repository contains all the material from the talk "Practical recon techniques for bug hunters & pentesters" given at Bugcrowd Level…
  ☆60Updated 6 years ago
• Rhynorater / reports
  ☆59Updated 9 months ago