A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

This challenge is Inon Shkedy's 31 days API Security Tips.

Metlo is an open-source API security platform.

Bug Bounty Tricks and useful payloads and bypasses for Web Application Security.

Fuzzer and Lightweight CLI Client for Postman Collections

API Penetration Testing Notes

The GenAI API Pentest Platform is a API security testing tool that leverages multiple Large Language Models (LLMs) to perform intelligent, context-aware API security assessments. Unlike traditional tools that rely on pattern matching, this platform uses AI to understand logic, predict vulnerabilities, and generate sophisticated attack scenario.

Tool to hack Graphql

regex Hunter- Fast website endpoint sensitive data and Leaks JS files endpoint API Key Scraper

A Swiss knife for API security testing including a docker image, some labs and resources.

Praktek API Penetration Testing menggunakan Owasp crAPI

ScriptOcalypse 🏴‍☠️- Nothing here… just a lot of weird ideas with a chaotic mix of lemonade, boredom, and automation that somehow work.

Create a Postman Collection from an endpoint running Swagger UI

Praktek API Penetration Testing menggunakan Vulnerable API Vampi

This repository is for cyber-security learning path. which contains notes, walk-through for CTF's from different platforms

My Personal Blog

JSON Web Token Bruteforcing tool written in Rust

Create a Postman Collection from an endpoint running Swagger UI

Comprehensive API Penetration Testing repository. Focused on identifying, exploiting, and mitigating vulnerabilities across REST, GraphQL, and SOAP APIs. Features practical guides, tools, and cheat sheets aligned with the OWASP API Security Top 10 to help security professionals secure data layers and backend business logic.

📄 Access SEC EDGAR filings with this REST API, delivering filing metadata and direct document links for efficient data retrieval.