Automatic SQL injection and database takeover tool
The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
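AI API relay (proxy) detection tool: Claude relay detection, OpenAI relay detection, Gemini relay detection, relay authenticity checks, long-context verification, thinking-signature verification, and a red/black list of relays. Self-hosted and open source.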
Automated API security testing
Open-source security suite for OSINT, web scanning, API testing, SIEM integration, and AI-powered analysis
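Claude Code Skills collection: 8 Skills including WeChat official account articles, distilling methodology from meetings, multi-perspective dialogue material, and transcript polishing.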
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
Presidio security-hardened drop-in enhancements for FastAPI APIs
Open-source security gateway for LLM APIs — prompt injection detection, PII redaction, dangerous response sanitization, and audit logging. OpenAI/Claude compatible, MCP & Agent SKILL support. Drop-in proxy for AI coding agents (Cursor, Claude Code, Codex).
Pentest Coverage Tracker is a Burp Suite extension that helps penetration testers monitor testing coverage in real time. It logs discovered endpoints and tracks whether their parameters are actually tested in Burp Suite. This helps highlight untested attack surfaces and provides clear visibility of coverage for security teams.
Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.
Research Python toolkit: TikTok Android v44.x local signing (X-Gorgon, Argus, Ladon), device_register, login client, MITM helpers, tests — educational use only.
AWS API Gateway Security Deep dive
Learn backend engineering through real production failure cases.
The GenAI API Pentest Platform is an API security testing tool that leverages multiple Large Language Models (LLMs) to perform intelligent, context-aware API security assessments. Unlike traditional tools that rely on pattern matching, this platform uses AI to understand logic, predict vulnerabilities, and generate sophisticated attack scenarios.
Swagger/OpenAPI/WSDL/SOAP interface fuzzing tool: a lightweight command-line tool for API security testing.
6 Claude Code skills that automate the entire pentest lifecycle. From recon to exploit chains to bug bounty reports — just give it a domain. 43 scripts, zero dependencies, pure Python.
APISCAN is a Swagger-driven API security tool for security specialists and auditors, focused on OWASP API Top 10 coverage and evidence-based reporting.
Your agentic API security engineer. Built by the community, for builders who care about security but don't have unlimited time or budget. Point it at your API docs and it hunts down the deep vulnerabilities that actually get you breached.
deception as a developer tool