A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.
☆32Nov 6, 2024Updated last year
Alternatives and similar repositories for API-Pentesting-Resources
Users that are interested in API-Pentesting-Resources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An opensource tool built to help bug bounty hunters and developers to easily/quickly find the perfect command to validate API keys☆25Apr 20, 2025Updated last year
- burp suite插件☆13Jul 9, 2023Updated 2 years ago
- check if the source code compressed and uploaded to the server by mistake☆10Feb 21, 2022Updated 4 years ago
- Like DLP☆11Jan 27, 2025Updated last year
- ☆44Mar 30, 2026Updated last month
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Cryptanalysis of a proprietary 1999 video DRM system. Recovers 61 encrypted wrestling videos from the WCW Internet Powerdisk CD-ROM throu…☆25Jan 29, 2026Updated 3 months ago
- 𝘔𝘢𝘯𝘺 𝘰𝘧 𝘵𝘩𝘦𝘴𝘦 𝘴𝘤𝘳𝘪𝘱𝘵𝘴 𝘢𝘳𝘦 𝘤𝘰𝘭𝘭𝘦𝘤𝘵𝘦𝘥 𝘧𝘳𝘰𝘮 𝘤𝘰𝘶𝘳𝘴𝘦𝘴, 𝘣𝘭𝘰𝘨𝘴, 𝘤𝘰𝘮𝘮𝘶𝘯𝘪𝘵𝘺 𝘳𝘦𝘴𝘰𝘶𝘳𝘤�…☆28Nov 30, 2025Updated 5 months ago
- DPG Campus Tool. Shrink massive PDFs to fit AI upload limits. Sanitize before uploading to reduce risk of exposing sensitive data.☆46Jan 20, 2026Updated 3 months ago
- Linkfinder by Rdzsp is a browser extension that automatically scans and collects endpoints from JavaScript files on websites☆33Aug 22, 2024Updated last year
- ☆44Mar 13, 2023Updated 3 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 7 years ago
- Updated Android biometric bypass script for Frida (from Kamil Breński, Krzysztof Pranczk and Mateusz Fruba, August 2019). The code resolv…☆44Jan 31, 2023Updated 3 years ago
- 🔍 Bug Bounty Search Engine - Advanced reconnaissance toolkit with 64+ Google dork queries organized into 10 categories for security rese…☆40Oct 6, 2025Updated 7 months ago
- Archive of pentestmonkey.net cheat sheets in case the site goes away permanently☆13Oct 28, 2019Updated 6 years ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never resear…☆104Feb 22, 2026Updated 2 months ago
- Use claude code anywhere.☆62Apr 19, 2026Updated 2 weeks ago
- This lab is for **EDUCATIONAL PURPOSES ONLY**. Use it responsibly and only on systems you own or have explicit permission to test. Do not…☆19Feb 20, 2026Updated 2 months ago
- A fast and efficient subdomain hijacking scanner that checks for takeover vulnerabilities by matching HTTP response bodies against predef…☆29Apr 12, 2026Updated 3 weeks ago
- onlyfans downloader☆14Jan 11, 2026Updated 3 months ago
- ☆10Apr 1, 2025Updated last year
- A collection of in-depth studies authored by me on JavaScript engine vulnerabilities.☆49Feb 6, 2026Updated 3 months ago
- My collection of hacking books for learning information security☆32Dec 25, 2022Updated 3 years ago
- genAI agent providing security context, tooling for performing security analysis on CVE, components and more☆23May 1, 2026Updated last week
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- ☆21Apr 16, 2026Updated 3 weeks ago
- A network segmentation and egress control testing tool for PCI DSS v4.0 compliance. Automatically discovers network segments, validates i…☆13Aug 15, 2025Updated 8 months ago
- ADKAVEH - One PowerShell script for Active Directory discovery and safe attack simulation.☆37Sep 28, 2025Updated 7 months ago
- 🛡️ Free AI that blocks hackers while you sleep. Runs on cheap hardware. When someone in Tokyo gets attacked, you're protected in 30 seco…☆40Apr 19, 2026Updated 2 weeks ago
- Red-Team - AI Agent to Phish Employees based on Social Intelligence.☆25Dec 28, 2025Updated 4 months ago
- List of Fresh DNS resolvers updates every 1 hour☆19May 2, 2026Updated last week
- 钉钉数据库解密工具,支持 WEB UI 展示 | DingTalk Database Decryption Tool with Web UI Visualization.☆60Jan 20, 2026Updated 3 months ago
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections☆53Jan 28, 2026Updated 3 months ago
- Chrome Extensions Dataset☆11Updated this week
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Empty project to quick start Proof of Concept app development☆34Feb 15, 2025Updated last year
- Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.☆23Nov 26, 2024Updated last year
- ☆34Jan 18, 2026Updated 3 months ago
- This repo collects nuclei template from 600+ github repos, updates every 6 hours.☆36Feb 17, 2026Updated 2 months ago
- Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)☆32Mar 27, 2025Updated last year
- A practical client for ADWS in Golang.☆51Mar 3, 2026Updated 2 months ago
- Burp plugin for jxscout☆21May 12, 2025Updated 11 months ago