A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.
☆32Nov 6, 2024Updated last year
Alternatives and similar repositories for API-Pentesting-Resources
Users that are interested in API-Pentesting-Resources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An opensource tool built to help bug bounty hunters and developers to easily/quickly find the perfect command to validate API keys☆25Apr 20, 2025Updated last year
- A browser extension that helps users shop online with various utility features.☆14Jan 9, 2025Updated last year
- burp suite插件☆14Jul 9, 2023Updated 2 years ago
- Like DLP☆11Jan 27, 2025Updated last year
- CVE-2025-55182-bypass-waf☆31Jan 8, 2026Updated 6 months ago
- Managed Database hosting by DigitalOcean • AdPostgreSQL, MySQL, MongoDB, Kafka, Valkey, and OpenSearch available. Automatically scale up storage and focus on building your apps.
- Cryptanalysis of a proprietary 1999 video DRM system. Recovers 61 encrypted wrestling videos from the WCW Internet Powerdisk CD-ROM throu…☆25Jan 29, 2026Updated 5 months ago
- Kumpulan command yang dijalankan setiap chapter materi pelatihan Wazuh.☆18Oct 1, 2023Updated 2 years ago
- ☆98Mar 30, 2026Updated 3 months ago
- Linkfinder by Rdzsp is a browser extension that automatically scans and collects endpoints from JavaScript files on websites☆33Aug 22, 2024Updated last year
- ☆44Mar 13, 2023Updated 3 years ago
- 5-layer persistent memory and identity architecture for AI agents. Production-validated over 353+ sessions. First documented case of emer…☆44Jun 28, 2026Updated last week
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 8 years ago
- Updated Android biometric bypass script for Frida (from Kamil Breński, Krzysztof Pranczk and Mateusz Fruba, August 2019). The code resolv…☆45Jan 31, 2023Updated 3 years ago
- 🔍 Bug Bounty Search Engine - Advanced reconnaissance toolkit with 64+ Google dork queries organized into 10 categories for security rese…☆42Oct 6, 2025Updated 9 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Archive of pentestmonkey.net cheat sheets in case the site goes away permanently☆13Oct 28, 2019Updated 6 years ago
- Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never resear…☆116Feb 22, 2026Updated 4 months ago
- Use claude code anywhere.☆63Apr 19, 2026Updated 2 months ago
- Reverse engineer obfuscated JavaScript visually. Chain transforms, inspect AST changes, write reusable deobfuscation plugins.☆117Feb 4, 2026Updated 5 months ago
- This lab is for **EDUCATIONAL PURPOSES ONLY**. Use it responsibly and only on systems you own or have explicit permission to test. Do not…☆21Feb 20, 2026Updated 4 months ago
- A fast and efficient subdomain hijacking scanner that checks for takeover vulnerabilities by matching HTTP response bodies against predef…☆31Apr 12, 2026Updated 2 months ago
- A collection of in-depth studies authored by me on JavaScript engine vulnerabilities.☆49Feb 6, 2026Updated 5 months ago
- My collection of hacking books for learning information security☆45Dec 25, 2022Updated 3 years ago
- ☆28Jun 20, 2026Updated 2 weeks ago
- Deploy on Railway without the complexity - Free Credits Offer • AdConnect your repo and Railway handles the rest with instant previews. Quickly provision container image services, databases, and storage volumes.
- ADKAVEH - One PowerShell script for Active Directory discovery and safe attack simulation.☆37Sep 28, 2025Updated 9 months ago
- List of Fresh DNS resolvers updates every 1 hour☆21May 8, 2026Updated 2 months ago
- Burp suite extension to find sensitive information by checking incoming text OR binary websocket messages☆59Apr 15, 2026Updated 2 months ago
- Empty project to quick start Proof of Concept app development☆37Feb 15, 2025Updated last year
- Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.☆24Nov 26, 2024Updated last year
- A fast terminal UI for reviewing Git diffs with support for annotations for agents☆155Updated this week
- Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)☆34Mar 27, 2025Updated last year
- ☆35Jan 18, 2026Updated 5 months ago
- This repo collects nuclei template from 600+ github repos, updates every 6 hours.☆38Feb 17, 2026Updated 4 months ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Tor transport bridge for Sliver C2 - anonymous command and control☆47Jan 20, 2026Updated 5 months ago
- ☆29Feb 23, 2023Updated 3 years ago
- Burp extension to generate multi-step CSRF POC.☆31Sep 23, 2019Updated 6 years ago
- genAI agent providing security context, tooling for performing security analysis on CVE, components and more☆30Updated this week
- A network segmentation and egress control testing tool for PCI DSS v4.0 compliance. Automatically discovers network segments, validates i…☆14May 20, 2026Updated last month
- Jarida (Jadx + Frida) is a Jadx GUI plugin that lets you trace and optionally patch Java method return values at runtime using Frida, dir…☆121Apr 17, 2026Updated 2 months ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆31Oct 21, 2025Updated 8 months ago