cerberauth/vulnapi
API Security Vulnerability Scanner designed to help you secure your APIs.
30 Releases
v0.9.0 (Latest)
📋 What's Changed
- Update dependencies by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/278
- fix: disable gosec for some not relevant lines by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/282
- Update golang version and dependencies by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/281
- chore(deps): update goreleaser/goreleaser-action action to v7 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/279
- chore(deps): update docker/login-action action to v4 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/284
- Update docs (rewrite for astro starlight) by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/283
- ci: reuse cerberauth/ci workflows and actions by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/286
- feat: refactor goreleaser and add packages by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/287
- + 4 more
✨ New Contributors
- @MichaelMVS made their first contribution in https://github.com/cerberauth/vulnapi/pull/290
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.8.10...v0.9.0
v0.8.10
📋 What's Changed
- chore(deps): update golangci/golangci-lint-action action to v8 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/260
- chore(deps): update actions/setup-go action to v6 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/269
- chore(deps): update actions/stale action to v10 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/270
- chore(deps): update actions/checkout action to v5 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/267
- chore(deps): update golangci/golangci-lint-action action to v9 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/273
- chore(deps): update actions/checkout action to v6 by @renovate[bot] in https://github.com/cerberauth/vulnapi/pull/274
- Check TLS before scanning and use HTTP when TLS is not available and no protocol is in URL by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/275
- feat(openapi): ensure that scan run even without security scheme by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/276
- + 2 more
v0.8.9
📋 What's Changed
- feat: update dependencies by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/257
- Upgrade golangci lint by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/258
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.8.8...v0.8.9
v0.8.8
✨ Features
- Link scans to issues in reports (https://github.com/cerberauth/vulnapi/pull/251)
🐛 Bug Fixes
- Add missing snap interfaces (https://github.com/cerberauth/vulnapi/pull/250)
🧪 Tests
- Test more openapi fake body (https://github.com/cerberauth/vulnapi/pull/249)
📝 Documentation
- Add docs about a new endpoint for testing purpose (https://github.com/cerberauth/vulnapi/pull/248)
📦 Dependencies
- Upgrade Golang version (https://github.com/cerberauth/vulnapi/pull/252)
- Update dependencies (https://github.com/cerberauth/vulnapi/pull/253)
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.8.7...v0.8.8
v0.8.7
📋 What's Changed
- Add Healthcheck endpoints discovery scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/241
- fix: nil pointer exceptions by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/242
- fix(deps): update all non-major dependencies by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/245
- ci: fix snapcraft and choco cli install by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/246
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.8.6...v0.8.7
v0.8.6
✨ New Feature
- Discover Well-Known paths and leaked files by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/240
📋 What's Changed
- Make discovery faster by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/237
- Remove OpenAPI and GraphQL discovery from cURL scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/238
- Make weak JWT scan offline and faster by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/239
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.8.5...v0.8.6
v0.8.5
📋 What's Changed
- Add HTTP Basic support by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/231
- Fix: Authentication bypass false positive by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/232
- Fix: Manage openapi wrongly parsed example params and unsupported media types by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/235
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.8.4...v0.8.5
v0.8.4
📋 What's Changed
- Refactor security schemes by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/221
- Update seclists by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/226
- CI: Add OpenAPI and API Key automated tests by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/227
- Add API Key authentication support by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/228
- Limit the depth when openapi params reference itself by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/229
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.8.3...v0.8.4
v0.8.3
📋 What's Changed
- Add HTTP Misconfigurations scans by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/208
- Add HTTP Method override scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/209
- Add setter and getter for default client by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/212
- Refactor request package by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/213
- Add stale github workflow by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/214
- Improve Graphql introspection scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/215
- Add SQA errors and more metrics by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/218
- Update docs by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/219
- + 2 more
v0.8.2
📋 What's Changed
- Add golangci lint by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/198
- Prepare to move to nextra 3 remote files by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/199
- Docs: add copy buttons by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/200
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/188
- Refactor report by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/184
- fix: status_code to statusCode in report output by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/201
- Tests scans with challenges by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/186
- Keep JWT claims in the same order by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/195
- + 7 more
v0.8.1
📋 What's Changed
- chore: add more homebrew test by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/182
- Add no-progress scans arg by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/185
- fix: add security schemes when operation is not nil by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/190
- Include and exclude scans before execution step by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/191
- Increase rate limit for discovery tests by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/193
- Set the JWT expiration time in the future if the token has expired by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/192
- Add jwt weak secret in report data by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/194
- Add summary report output with scans number per status by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/196
- + 2 more
v0.8.0
📋 What's Changed
- fix choco doc link by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/162
- feat: scan report output by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/165
- Update docs by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/170
- upgrade yaml pkg v3 by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/171
- fix: include all scans by default by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/169
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/163
- Prepare new homebrew formula to be published by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/168
- Use stderr when at least one vuln is higher than a threshold by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/174
- + 5 more
v0.7.3
📋 What's Changed
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/153
- fix(deps): update github.com/cerberauth/x digest to 179f1e7 by @renovate in https://github.com/cerberauth/vulnapi/pull/154
- chore: move documentation to main repo by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/156
- chore: update vuln docs by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/158
- ci: upgrade go version from 1.22 to 1.23 by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/159
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/155
- Goreleaser SBOM by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/160
- fix(deps): update github.com/cerberauth/x digest to d0ec204 by @renovate in https://github.com/cerberauth/vulnapi/pull/157
- + 2 more
v0.7.2
📋 What's Changed
- generate fake request body data by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/152
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.7.1...v0.7.2
v0.7.1
📋 What's Changed
- fix(deps): update github.com/cerberauth/x digest to e63a3ee by @renovate in https://github.com/cerberauth/vulnapi/pull/137
- fix(deps): update module github.com/projectdiscovery/wappalyzergo to v0.1.10 by @renovate in https://github.com/cerberauth/vulnapi/pull/138
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/139
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/140
- chore: update golang debian version by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/141
- feat: move discover in a dedicated command by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/144
- feat: add protocol when missing in url by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/145
- feat: test address is reachable before scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/146
- + 7 more
v0.7.0
📋 What's Changed
- Proxy and ratelimit by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/99
- Validate OpenAPI by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/101
- chore: update renovate config org by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/103
- feat: rename rate limit arg by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/104
- feat: bootstrap oauth and oidc security schemes by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/106
- Fix security scheme nil value by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/108
- feat: make trace method test only global by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/109
- feat: add track method scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/110
- + 25 more
v0.6.1
📋 What's Changed
- Proxy and ratelimit by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/99
- Validate OpenAPI by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/101
- chore: update renovate config org by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/103
- feat: rename rate limit arg by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/104
- feat: bootstrap oauth and oidc security schemes by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/106
- Fix security scheme nil value by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/108
- feat: make trace method test only global by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/109
- feat: add track method scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/110
- + 25 more
v0.6.0
📋 What's Changed
- feat: bootstrap an http api by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/92
- feat: remove description and add id and documentation url instead by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/94
- tests: add openapi loader tests by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/96
- fix: multiple security requirements issues by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/97
- fix: manage when no valid token is provided by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/98
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.5.0...v0.6.0
v0.5.0
📋 What's Changed
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/86
- ci: add goreleaser choco api key param by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/87
- feat: add a message asking for new issue when unexpected result or su… by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/88
- fix(deps): update github.com/cerberauth/x digest to 19736ff by @renovate in https://github.com/cerberauth/vulnapi/pull/85
- feat: improve the jwt support and differentiate with other methods by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/89
- feat: test against operation without any authorization header by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/90
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.6...v0.5.0
v0.4.6
📋 What's Changed
- feat: add quality telemetry by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/80
- feat: add info report when no auth is detected by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/81
- feat: add progressbar by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/82
- feat: init a dedicated graphql scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/83
- feat: scan introspection endpoint with get method by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/84
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.5...v0.4.6
v0.4.5
📋 What's Changed
- ci: use pat as a pull request rule workaround by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/78
- ci: publish to chocolatey by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/76
- fix(deps): update module github.com/getkin/kin-openapi to v0.124.0 by @renovate in https://github.com/cerberauth/vulnapi/pull/79
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.4...v0.4.5
v0.4.4
📋 What's Changed
- Add more packages by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/74
- ci: setup choco command by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/75
- feat: use the same jwt alg as the token by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/77
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.3...v0.4.4
v0.4.4-beta.2 (Pre-release)
📋 Changelog
- 9a7bf0b ci: add pull request write permissions for brew
- 8c8e97a ci: add pull request write permissions for brew
v0.4.4-beta.0 (Pre-release)
📋 What's Changed
- Add more packages by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/74
- ci: setup choco command by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/75
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.3...v0.4.4-beta.0
v0.4.3
📋 What's Changed
- fix(deps): update module github.com/std-uritemplate/std-uritemplate/go to v0.0.55 by @renovate in https://github.com/cerberauth/vulnapi/pull/70
- feat: perform dictionary attack against jwt with hmac alg by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/71
- fix: validate operation properly before scanning url by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/72
- fix: change the vulnapi ua by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/73
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.2...v0.4.3
v0.4.2
📋 What's Changed
- fix: crash when invalid jwt is filled in header by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/62
- feat: add info severity by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/67
- feat: use seclist for discoverable endpoints by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/68
- fix: report when jwt is not verified by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/69
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.1...v0.4.2
v0.4.1
📋 What's Changed
- feat: skip jwt scan when there is not valid jwt input by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/60
- feat: add some cli curl flags placeholder by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/61
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.4.0...v0.4.1
v0.4.0
📋 What's Changed
- fix(deps): update module github.com/brianvoe/gofakeit/v6 to v7 by @renovate in https://github.com/cerberauth/vulnapi/pull/46
- fix(deps): update all non-major dependencies by @renovate in https://github.com/cerberauth/vulnapi/pull/44
- feat: scan for insecure cookies practices by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/54
- feat: scan for discoverable openapi files by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/55
- feat: scan for graphql introspection query by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/56
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.3.1...v0.4.0
v0.3.1
📋 What's Changed
- fix(deps): update module github.com/brianvoe/gofakeit/v6 to v7 by @renovate in https://github.com/cerberauth/vulnapi/pull/45
- refactor: make the structure easier to understand by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/47
- feat: improve command output display by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/48
- feat: allow scan without security scheme by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/49
- feat: add table rendering output for openapi scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/50
- Cli token generate by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/51
- fix: remove false positive results and improve detection based on htt… by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/52
- feat: add server signature scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/53
- + 1 more
v0.3.0
📋 What's Changed
- chore(deps): update codecov/codecov-action action to v4 by @renovate in https://github.com/cerberauth/vulnapi/pull/38
- chore(deps): update golang docker tag to v1.22 by @renovate in https://github.com/cerberauth/vulnapi/pull/41
- feat: add openapi scan support by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/32
- feat: add http headers best practices scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/42
- feat: add http trace method scan by @emmanuelgautier in https://github.com/cerberauth/vulnapi/pull/43
- Full Changelog: https://github.com/cerberauth/vulnapi/compare/v0.2.1...v0.3.0
