Skip to content

A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.

Notifications You must be signed in to change notification settings

riteshs4hu/API-Pentesting-Resources

Repository files navigation

API Pentesting Resources

Explore a comprehensive collection of resources designed to enhance the security of your APIs. This repository includes invaluable assets such as checklists, wordlists, GraphQL insights, JSON guides, and Logger++ filters. Additionally, you'll find hands-on labs for practical learning on API vulnerabilities.


Learn about API basics, types (including REST, GraphQL, and SOAP), essential HTTP request methods, common headers, and key concepts like API objects and actions. Gain insights into the distinctions between SOAP, REST, and GraphQL.

API-Introduction

Learn about the key concepts of GraphQL, including query language, data types, and operations (queries, mutations, and subscriptions). Explore the components of queries and mutations, the role of the schema, and the powerful tool of GraphQL introspection.

GraphQL

Learn about JSON's lightweight and human-readable structure, ideal for data transmission and storage in APIs and configuration files. Explore its data types, including strings, numbers, Booleans, NULL values, arrays, and objects.

JSON

A curated collection of Logger++ filters for API requests and responses. Each filter is accompanied by a clear description, making it easy to customize Logger++ for your API security testing and debugging needs.

Logger++

A collection of vulnerable API lab setups in this resource. This file provides detailed instructions for setting up various vulnerable APIs, including VAmPI, crAPI by OWASP, vAPI, Tiredful-API, vulnapi, Damn Vulnerable GraphQL Application (DVGA), poc-graphql, Websheep, and DVWS-node.

Vulnerable-Labs

A comprehensive checklist for API security assessment, covering REST API, GraphQL, and more. Test for common vulnerabilities, such as Broken Object Level Authorization (BOLA), Mass Assignment, Improper Assets Management, and more.

Checklist

Find common API paths, endpoints, parameters, and insights into objects and actions. These resources are valuable for enhancing your API security and testing practices."

Wordlist

References

About

A comprehensive collection of resources designed to help you enhance the security of your APIs. In this repository, you'll find a wide range of wordlists, checklists, vulnerable app setups, Logger++ filters and resources dedicated to REST APIs, JSON, and GraphQL.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published