Api Security Collection

◆

◆

◆

◆

🔮Psychic

★★★★

“Automatic SQL injection and database takeover tool”

◆

◆

◆

◆

📦Normal

★★

“Complete Practical Study Plan to become a successful cybersecurity engineer based on roles like Pentest, AppSec, Cloud Security, DevSecOps and so on...”

◆

◆

◆

◆

📦Normal

★★

“A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.”

◆

◆

◆

◆

⚡Thunder

★★

“APIKit：Discovery, Scan and Audit APIs Toolkit All In One.”

◆

◆

◆

◆

📦Normal

★★

“This challenge is Inon Shkedy's 31 days API Security Tips.”

◆

◆

◆

◆

📦Normal

★★

“A Collection of Notes, Checklists, Writeups on Bug Bounty Hunting and Web Application Security.”

◆

◆

◆

◆

🌊Water

★★

“An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses”

◆

◆

◆

◆

💎Aqua

★★

“Metlo is an open-source API security platform.”

◆

◆

◆

◆

💻Normal

★★

“Industry-leading free, high-performance, AI and semantic technology Web Application Firewall and API Security Gateway (WAAP) - UUSEC WAF.”

◆

◆

◆

◆

🔥Fire

★★

“open-appsec is a machine learning security engine that preemptively and automatically prevents threats against Web Application & APIs. This repo include the main code and logic.”

◆

◆

◆

◆

⚡Thunder

★★

“Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure”

◆

◆

◆

◆

📦Normal

★★

“Hunt every Endpoint in your code, expose Shadow APIs, map the Attack Surface.”

◆

◆

◆

◆

⚙️Steel

★★

“Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.”

◆

◆

◆

◆

📦Normal

★★

“A Huge Learning Resources with Labs For Offensive Security Players”

◆

◆

◆

◆

📦Normal

★★

“Organize your API security assessment by using MindAPI. It's free and open for community collaboration.”

◆

◆

◆

◆

📦Normal

★★

“Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.”

◆

◆

◆

◆

📦Normal

★★

“🔥 A curated list of awesome links related to application security related to the environments with NGINX or Kubernetes Ingres Controller (based on NGINX)”

◆

◆

◆

◆

⚡Electric

★★

“Passive API key and secret discovery browser extension for Chrome and Firefox. 80+ detection patterns, zero config.”