A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.
☆32Nov 6, 2024Updated last year
Alternatives and similar repositories for API-Pentesting-Resources
Users that are interested in API-Pentesting-Resources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An opensource tool built to help bug bounty hunters and developers to easily/quickly find the perfect command to validate API keys☆25Apr 20, 2025Updated last year
- burp suite插件☆14Jul 9, 2023Updated 2 years ago
- check if the source code compressed and uploaded to the server by mistake☆10Feb 21, 2022Updated 4 years ago
- Like DLP☆11Jan 27, 2025Updated last year
- CVE-2025-55182-bypass-waf☆31Jan 8, 2026Updated 4 months ago
- GPU virtual machines on DigitalOcean Gradient AI • AdGet to production fast with high-performance AMD and NVIDIA GPUs you can spin up in seconds. The definition of operational simplicity.
- Cryptanalysis of a proprietary 1999 video DRM system. Recovers 61 encrypted wrestling videos from the WCW Internet Powerdisk CD-ROM throu…☆25Jan 29, 2026Updated 4 months ago
- 𝘔𝘢𝘯𝘺 𝘰𝘧 𝘵𝘩𝘦𝘴𝘦 𝘴𝘤𝘳𝘪𝘱𝘵𝘴 𝘢𝘳𝘦 𝘤𝘰𝘭𝘭𝘦𝘤𝘵𝘦𝘥 𝘧𝘳𝘰𝘮 𝘤𝘰𝘶𝘳𝘴𝘦𝘴, 𝘣𝘭𝘰𝘨𝘴, 𝘤𝘰𝘮𝘮𝘶𝘯𝘪𝘵𝘺 𝘳𝘦𝘴𝘰𝘶𝘳𝘤�…☆29Nov 30, 2025Updated 5 months ago
- Linkfinder by Rdzsp is a browser extension that automatically scans and collects endpoints from JavaScript files on websites☆33Aug 22, 2024Updated last year
- DPG Campus Tool. Shrink massive PDFs to fit AI upload limits. Sanitize before uploading to reduce risk of exposing sensitive data.☆46Jan 20, 2026Updated 4 months ago
- ☆44Mar 13, 2023Updated 3 years ago
- 5-layer persistent memory and identity architecture for AI agents. Production-validated over 353+ sessions. First documented case of emer…☆45Updated this week
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w…☆19Jun 28, 2018Updated 7 years ago
- Updated Android biometric bypass script for Frida (from Kamil Breński, Krzysztof Pranczk and Mateusz Fruba, August 2019). The code resolv…☆45Jan 31, 2023Updated 3 years ago
- 🔍 Bug Bounty Search Engine - Advanced reconnaissance toolkit with 64+ Google dork queries organized into 10 categories for security rese…☆41Oct 6, 2025Updated 7 months ago
- Virtual machines for every use case on DigitalOcean • AdGet dependable uptime with 99.99% SLA, simple security tools, and predictable monthly pricing with DigitalOcean's virtual machines, called Droplets.
- Archive of pentestmonkey.net cheat sheets in case the site goes away permanently☆13Oct 28, 2019Updated 6 years ago
- Clear and obvious name of the exploitation technique can create a false sense of familiarity, even if its true potential was never resear…☆106Feb 22, 2026Updated 3 months ago
- Use claude code anywhere.☆63Apr 19, 2026Updated last month
- Reverse engineer obfuscated JavaScript visually. Chain transforms, inspect AST changes, write reusable deobfuscation plugins.☆115Feb 4, 2026Updated 3 months ago
- onlyfans downloader☆14Jan 11, 2026Updated 4 months ago
- A fast and efficient subdomain hijacking scanner that checks for takeover vulnerabilities by matching HTTP response bodies against predef…☆30Apr 12, 2026Updated last month
- This lab is for **EDUCATIONAL PURPOSES ONLY**. Use it responsibly and only on systems you own or have explicit permission to test. Do not…☆21Feb 20, 2026Updated 3 months ago
- ☆10Apr 1, 2025Updated last year
- A collection of in-depth studies authored by me on JavaScript engine vulnerabilities.☆49Feb 6, 2026Updated 3 months ago
- GPUs on demand by Runpod - Special Offer Available • AdRun AI, ML, and HPC workloads on powerful cloud GPUs—without limits or wasted spend. Deploy GPUs in under a minute and pay by the second.
- My collection of hacking books for learning information security☆36Dec 25, 2022Updated 3 years ago
- ☆23May 22, 2026Updated last week
- ADKAVEH - One PowerShell script for Active Directory discovery and safe attack simulation.☆37Sep 28, 2025Updated 8 months ago
- Burp suite extension to find sensitive information by checking incoming text OR binary websocket messages☆59Apr 15, 2026Updated last month
- Empty project to quick start Proof of Concept app development☆35Feb 15, 2025Updated last year
- ☆34Jan 18, 2026Updated 4 months ago
- The Router Exploitation Framework☆12Nov 10, 2017Updated 8 years ago
- Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)☆32Mar 27, 2025Updated last year
- Burp extension to generate multi-step CSRF POC.☆30Sep 23, 2019Updated 6 years ago
- Deploy to Railway using AI coding agents - Free Credits Offer • AdUse Claude Code, Codex, OpenCode, and more. Autonomous software development now has the infrastructure to match with Railway.
- This repo collects nuclei template from 600+ github repos, updates every 6 hours.☆36Feb 17, 2026Updated 3 months ago
- A network segmentation and egress control testing tool for PCI DSS v4.0 compliance. Automatically discovers network segments, validates i…☆13May 20, 2026Updated last week
- ☆26Nov 15, 2024Updated last year
- Red-Team - AI Agent to Phish Employees based on Social Intelligence.��☆25Dec 28, 2025Updated 5 months ago
- ☆28Feb 23, 2023Updated 3 years ago
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections☆54Jan 28, 2026Updated 4 months ago
- Used to manage burp extensions that I find useful.☆12Apr 26, 2022Updated 4 years ago