A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.
☆28Nov 6, 2024Updated last year
Alternatives and similar repositories for API-Pentesting-Resources
Users that are interested in API-Pentesting-Resources are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- An opensource tool built to help bug bounty hunters and developers to easily/quickly find the perfect command to validate API keys☆24Apr 20, 2025Updated 11 months ago
- burp suite插件☆13Jul 9, 2023Updated 2 years ago
- check if the source code compressed and uploaded to the server by mistake☆10Feb 21, 2022Updated 4 years ago
- Like DLP☆11Jan 27, 2025Updated last year
- 𝘔𝘢𝘯𝘺 𝘰𝘧 𝘵𝘩𝘦𝘴𝘦 𝘴𝘤𝘳𝘪𝘱𝘵𝘴 𝘢𝘳𝘦 𝘤𝘰𝘭𝘭𝘦𝘤𝘵𝘦𝘥 𝘧𝘳𝘰𝘮 𝘤𝘰𝘶𝘳𝘴𝘦𝘴, 𝘣𝘭𝘰𝘨𝘴, 𝘤𝘰𝘮𝘮𝘶𝘯𝘪𝘵𝘺 𝘳𝘦𝘴𝘰𝘶𝘳𝘤�…☆28Nov 30, 2025Updated 4 months ago
- Deploy open-source AI quickly and easily - Bonus Offer • AdRunpod Hub is built for open source. One-click deployment and autoscaling endpoints without provisioning your own infrastructure.
- Linkfinder by Rdzsp is a browser extension that automatically scans and collects endpoints from JavaScript files on websites☆33Aug 22, 2024Updated last year
- ☆43Mar 13, 2023Updated 3 years ago
- Updated Android biometric bypass script for Frida (from Kamil Breński, Krzysztof Pranczk and Mateusz Fruba, August 2019). The code resolv…☆44Jan 31, 2023Updated 3 years ago
- Archive of pentestmonkey.net cheat sheets in case the site goes away permanently☆13Oct 28, 2019Updated 6 years ago
- genAI agent providing security context, tooling for performing security analysis on CVE, components and more☆22Updated this week
- Burp suite extension to find sensitive information by checking incoming text OR binary websocket messages☆57Jan 14, 2025Updated last year
- Red-Team - AI Agent to Phish Employees based on Social Intelligence.☆24Dec 28, 2025Updated 3 months ago
- ADKAVEH - One PowerShell script for Active Directory discovery and safe attack simulation.☆37Sep 28, 2025Updated 6 months ago
- Chrome Extensions Dataset☆11Updated this week
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Empty project to quick start Proof of Concept app development☆33Feb 15, 2025Updated last year
- A library to access RTL-SDR devices and receive and demodulate radio signals from your web application.☆18Mar 19, 2026Updated 3 weeks ago
- Introduction to CYS4-SensitiveDiscoverer, a Burp extension that discovers sensitive information inside HTTP messages.☆23Nov 26, 2024Updated last year
- Burp plugin for jxscout☆20May 12, 2025Updated 11 months ago
- Windows File Explorer Spoofing Vulnerability (CVE-2025-24071)☆31Mar 27, 2025Updated last year
- ☆26Nov 15, 2024Updated last year
- ☆28Feb 23, 2023Updated 3 years ago
- Grab form parameters easily☆14Dec 11, 2024Updated last year
- EH-Bble☆10Jul 23, 2019Updated 6 years ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- The different ways to dump lsass☆285Aug 15, 2025Updated 8 months ago
- Fast Windows post-exploitation wins after initial access.☆29Jan 28, 2026Updated 2 months ago
- Microsoft Network Service Fingerprinting Tool☆69Jan 2, 2026Updated 3 months ago
- Real-Time JavaScript reverse engineering and debugging suite - Burp Suite, but for JavaScript☆17Jul 23, 2025Updated 8 months ago
- A Windows tool that converts LDIF files to BloodHound CE☆31Dec 20, 2025Updated 3 months ago
- a burp extension for dynamic payload generation to detect injection flaws (RCE, LFI, SQLi), creates access matrix based user sessions to …☆30Oct 21, 2025Updated 5 months ago
- Automated Cloud Misconfiguration Testing☆25Jun 20, 2025Updated 9 months ago
- Store 4TB in 5GB: S3-compatible storage with 99.9% compression for versioned files☆33Mar 23, 2026Updated 3 weeks ago
- Burp Suite extension to detect Web Cache Deception vulnerabilities, now compatible with the Community Edition. Automates advanced cache …☆19Apr 1, 2026Updated 2 weeks ago
- Wordpress hosting with auto-scaling - Free Trial • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Tailscale Domain Management Gateway: allow Tailscale nodes to retrieve public (Let's Encrypt) TLS certificates for custom domains.☆43Feb 11, 2026Updated 2 months ago
- zwatcher is a lightweight bash script for monitoring sub/domains or a list of sub/domains and javascript files. It compares HTTP status c…☆21Nov 23, 2025Updated 4 months ago
- The iOS Buster is a groundbreaking penetration testing tool for iOS, capable of performing both static and dynamic testing. It provides d…☆26Mar 31, 2024Updated 2 years ago
- A powerful Burp Suite extension that helps in converting requests between different formats, making web application testing more efficien…☆13Nov 18, 2024Updated last year
- Simple Django to show post-exploitation options when server-side template injection (SSTI) is present in app using Django Templates.☆24Jun 1, 2021Updated 4 years ago
- Let's make quick work of GraphQL instances ;)☆25Mar 8, 2026Updated last month
- An intentionally-vulnerable application for demonstrating the hazards of SpEL expression composition☆28Apr 17, 2018Updated 7 years ago