A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.
☆28 · Nov 6, 2024 · Updated last year
Alternatives and similar repositories for API-Pentesting-Resources
Users that are interested in API-Pentesting-Resources are comparing it to the libraries listed below.
- An open-source tool built to help bug bounty hunters and developers easily/quickly find the perfect command to validate API keys ☆24 · Apr 20, 2025 · Updated 11 months ago
- Burp Suite plugin ☆13 · Jul 9, 2023 · Updated 2 years ago
- Like DLP ☆11 · Jan 27, 2025 · Updated last year
- Many of these scripts are collected from courses, blogs, community resourc… ☆27 · Nov 30, 2025 · Updated 3 months ago
- Linkfinder by Rdzsp is a browser extension that automatically scans and collects endpoints from JavaScript files on websites ☆32 · Aug 22, 2024 · Updated last year
- Updated Android biometric bypass script for Frida (from Kamil Breński, Krzysztof Pranczk and Mateusz Fruba, August 2019). The code resolv… ☆43 · Jan 31, 2023 · Updated 3 years ago
- ☆43 · Mar 13, 2023 · Updated 3 years ago
- psychoPATH - hunting file uploads & LFI in the dark. This tool is a customisable payload generator designed for blindly detecting LFI & w… ☆19 · Jun 28, 2018 · Updated 7 years ago
- A network segmentation and egress control testing tool for PCI DSS v4.0 compliance. Automatically discovers network segments, validates i… ☆13 · Aug 15, 2025 · Updated 7 months ago
- Burp suite extension to find sensitive information by checking incoming text OR binary websocket messages ☆57 · Jan 14, 2025 · Updated last year
- Tool that gathers a customizable set of ETW telemetry and generates user-defined detections ☆47 · Jan 28, 2026 · Updated last month
- ADKAVEH - One PowerShell script for Active Directory discovery and safe attack simulation. ☆37 · Sep 28, 2025 · Updated 5 months ago
- Burp plugin for jxscout ☆20 · May 12, 2025 · Updated 10 months ago
- Convert your HackerOne reports into reusable AI skills. ☆73 · Mar 9, 2026 · Updated 2 weeks ago
- Empty project to quick start Proof of Concept app development ☆32 · Feb 15, 2025 · Updated last year
- Grab form parameters easily ☆14 · Dec 11, 2024 · Updated last year
- Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages. ☆23 · Nov 26, 2024 · Updated last year
- 🌸 Store anime picture collection in a Discord server ☆19 · Aug 13, 2023 · Updated 2 years ago
- A prompt-based pipeline for finding, validating, and proving vulnerabilities using LLM sub-agents. ☆48 · Feb 22, 2026 · Updated last month
- Real-Time JavaScript reverse engineering and debugging suite - Burp Suite, but for JavaScript ☆17 · Jul 23, 2025 · Updated 8 months ago
- The different ways to dump lsass ☆279 · Aug 15, 2025 · Updated 7 months ago
- A Windows tool that converts LDIF files to BloodHound CE ☆31 · Dec 20, 2025 · Updated 3 months ago
- Microsoft Network Service Fingerprinting Tool ☆69 · Jan 2, 2026 · Updated 2 months ago
- ☆28 · Feb 23, 2023 · Updated 3 years ago
- Automated Cloud Misconfiguration Testing ☆23 · Jun 20, 2025 · Updated 9 months ago
- Store 4TB in 5GB: S3-compatible storage with 99.9% compression for versioned files ☆33 · Mar 16, 2026 · Updated last week
- Jarida (Jadx + Frida) is a Jadx GUI plugin that lets you trace and optionally patch Java method return values at runtime using Frida, dir… ☆88 · Mar 6, 2026 · Updated 3 weeks ago
- Burp Suite extension to detect Web Cache Deception vulnerabilities, now compatible with the Community Edition. Automates advanced cache … ☆19 · Nov 18, 2025 · Updated 4 months ago
- Tailscale Domain Management Gateway: allow Tailscale nodes to retrieve public (Let's Encrypt) TLS certificates for custom domains. ☆41 · Feb 11, 2026 · Updated last month
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to … ☆30 · Oct 21, 2025 · Updated 5 months ago
- A powerful Burp Suite extension that helps in converting requests between different formats, making web application testing more efficien… ☆13 · Nov 18, 2024 · Updated last year
- A Windows kernel driver viewer and manager built in Rust — real-time enumeration, signature verification, SCM operations, and multi-for… ☆115 · Mar 16, 2026 · Updated last week
- Toolbox for modifying/updating/backing up Nissan LEAF Head Unit ☆27 · Nov 30, 2025 · Updated 3 months ago
- zwatcher is a lightweight bash script for monitoring sub/domains or a list of sub/domains and javascript files. It compares HTTP status c… ☆21 · Nov 23, 2025 · Updated 4 months ago
- Modified version of Process monitor that bypasses procmon detection for anti-debuggers ☆24 · May 6, 2024 · Updated last year
- PathShield is an anti-tracking tool for M5StickC Plus v1/2 that uses BLE & WiFI scanning to detect and alert you to devices following you… ☆44 · Jan 19, 2026 · Updated 2 months ago
- Let's make quick work of GraphQL instances ;) ☆24 · Mar 8, 2026 · Updated 2 weeks ago
- Free Windows privilege escalation lab inspired by HTB Devel, built for PNPT and OSCP practice. ☆23 · Jan 13, 2026 · Updated 2 months ago
- New exploitation tricks for hardened .NET Remoting servers ☆32 · Aug 5, 2025 · Updated 7 months ago