Check your WAF before an attacker does

• UpdatedJul 17, 2025
• Python

Proactive, Open source API security → API discovery, API Security Posture, Testing in CI/CD, Test Library with 1000+ Tests, Add custom tests, Sensitive data exposure

• UpdatedFeb 20, 2026
• Java

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

• UpdatedSep 19, 2025
• Python

API Security Vulnerability Scanner designed to help you secure your APIs.

• UpdatedFeb 15, 2026
• Go

API Pentesting Tools are specialized security tools used to test and analyze the security of Application Programming Interfaces (APIs).

• UpdatedJan 25, 2026

Automated API security testing

• UpdatedAug 2, 2024
• Python

Community generated list of API security tests to find OWASP top10, HackerOne top 10 vulnerabilities

• UpdatedFeb 16, 2026

GitHub action to run Traceable Active Security Testing in GitHub workflows

• UpdatedSep 11, 2024

ScriptOcalypse 🏴‍☠️- Nothing here… just a lot of weird ideas with a chaotic mix of lemonade, boredom, and automation that somehow work.

• UpdatedNov 19, 2025
• Python

The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

• UpdatedApr 17, 2025
• Go

A community-driven list of custom Escape rules. Test your API security with rules that automatically adapt for you.

• UpdatedMar 14, 2024

Lightweight CLI tool for scanning REST APIs for CORS issues, methods, and info leaks.

• UpdatedApr 14, 2025
• Python

Bugsmirror MASST (Mobile Application Security Suite and Tools) is a comprehensive platform for end-to-end mobile application security. It offers threat detection tools for static, runtime, dynamic API testing and red teaming; robust app shielding solution for threat mitigation; threat visibility dashboard; & AI powered insight in a single platform.

• UpdatedSep 3, 2025

OWASP-Top-10-Security-Vulnerabilities-With-Node.js

• UpdatedSep 28, 2024
• JavaScript

High-performance API endpoint discovery tool for security professionals and bug bounty hunters.

• UpdatedJan 7, 2026
• Rust

Real-time API threat detection and mitigation for FinTech systems

• UpdatedFeb 12, 2026
• HTML

Replace, load and replay Postman collections to Burp, Zap, etc.

• UpdatedJan 12, 2026
• Python

A RESTful API brute-forcing tool in Go for ethical hacking practice. **Gobrute** is built for testing login passwords with multithreading, progress tracking, and customizable payloads, ideal for controlled environments like OWASP Juice Shop.

• UpdatedOct 29, 2024
• Go

An intelligent web-proxy that monitors API requests of a web application and detects API security vulnerabilities automatically.

• UpdatedNov 21, 2023
• Python

A command-line tool for performance and security testing of Node.js APIs. It supports load testing, CSRF testing, session hijacking testing, JWT validation testing, XSS, SQL Injection, and other security vulnerabilities.

• UpdatedNov 27, 2025
• JavaScript