A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.
☆31Nov 6, 2024Updated last year
Alternatives and similar repositories for API-Pentesting-Resources
Users that are interested in API-Pentesting-Resources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An opensource tool built to help bug bounty hunters and developers to easily/quickly find the perfect command to validate API keys☆25Apr 20, 2025Updated last year
- burp suite插件☆14Jul 9, 2023Updated 2 years ago
- check if the source code compressed and uploaded to the server by mistake☆10Feb 21, 2022Updated 4 years ago
- Like DLP☆11Jan 27, 2025Updated last year
- CVE-2025-55182-bypass-waf☆31Jan 8, 2026Updated 5 months ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Cryptanalysis of a proprietary 1999 video DRM system. Recovers 61 encrypted wrestling videos from the WCW Internet Powerdisk CD-ROM throu…☆25Jan 29, 2026Updated 4 months ago
- ☆46Mar 30, 2026Updated 2 months ago
- 𝘔𝘢𝘯𝘺 𝘰𝘧 𝘵𝘩𝘦𝘴𝘦 𝘴𝘤𝘳𝘪𝘱𝘵𝘴 𝘢𝘳𝘦 𝘤𝘰𝘭𝘭𝘦𝘤𝘵𝘦𝘥 𝘧𝘳𝘰𝘮 𝘤𝘰𝘶𝘳𝘴𝘦𝘴, 𝘣𝘭𝘰𝘨𝘴, 𝘤𝘰𝘮𝘮𝘶𝘯𝘪𝘵𝘺 𝘳𝘦𝘴𝘰𝘶𝘳𝘤�…☆29Nov 30, 2025Updated 6 months ago
- Linkfinder by Rdzsp is a browser extension that automatically scans and collects endpoints from JavaScript files on websites☆33Aug 22, 2024Updated last year
- DPG Campus Tool. Shrink massive PDFs to fit AI upload limits. Sanitize before uploading to reduce risk of exposing sensitive data.☆49Jan 20, 2026Updated 4 months ago
- ☆44Mar 13, 2023Updated 3 years ago
- 5-layer persistent memory and identity architecture for AI agents. Production-validated over 353+ sessions. First documented case of emer…☆44Updated this week
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 7 years ago
- 🔍 Bug Bounty Search Engine - Advanced reconnaissance toolkit with 64+ Google dork queries organized into 10 categories for security rese…☆42Oct 6, 2025Updated 8 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Archive of pentestmonkey.net cheat sheets in case the site goes away permanently☆13Oct 28, 2019Updated 6 years ago
- Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never resear…☆113Feb 22, 2026Updated 3 months ago
- Use claude code anywhere.☆64Apr 19, 2026Updated last month
- Reverse engineer obfuscated JavaScript visually. Chain transforms, inspect AST changes, write reusable deobfuscation plugins.☆116Feb 4, 2026Updated 4 months ago
- A fast and efficient subdomain hijacking scanner that checks for takeover vulnerabilities by matching HTTP response bodies against predef…☆31Apr 12, 2026Updated 2 months ago
- ☆10Apr 1, 2025Updated last year
- A collection of in-depth studies authored by me on JavaScript engine vulnerabilities.☆49Feb 6, 2026Updated 4 months ago
- My collection of hacking books for learning information security☆42Dec 25, 2022Updated 3 years ago
- ☆27Jun 10, 2026Updated last week
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- ADKAVEH - One PowerShell script for Active Directory discovery and safe attack simulation.☆37Sep 28, 2025Updated 8 months ago
- List of Fresh DNS resolvers updates every 1 hour☆21May 8, 2026Updated last month
- Burp suite extension to find sensitive information by checking incoming text OR binary websocket messages☆59Apr 15, 2026Updated 2 months ago
- A fast terminal UI for reviewing Git diffs with support for annotations for agents☆143Jun 7, 2026Updated last week
- Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.☆24Nov 26, 2024Updated last year
- ☆35Jan 18, 2026Updated 5 months ago
- This repo collects nuclei template from 600+ github repos, updates every 6 hours.☆38Feb 17, 2026Updated 4 months ago
- ☆29Feb 23, 2023Updated 3 years ago
- EH-Bble☆10Jul 23, 2019Updated 6 years ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- Burp extension to generate multi-step CSRF POC.☆31Sep 23, 2019Updated 6 years ago
- genAI agent providing security context, tooling for performing security analysis on CVE, components and more☆30Jun 11, 2026Updated last week
- A network segmentation and egress control testing tool for PCI DSS v4.0 compliance. Automatically discovers network segments, validates i…☆13May 20, 2026Updated 3 weeks ago
- 🛡️ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seco…☆41Updated this week
- Red-Team - AI Agent to Phish Employees based on Social Intelligence.☆23Dec 28, 2025Updated 5 months ago
- Jarida (Jadx + Frida) is a Jadx GUI plugin that lets you trace and optionally patch Java method return values at runtime using Frida, dir…☆120Apr 17, 2026Updated 2 months ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆31Oct 21, 2025Updated 7 months ago