Automatic SQL injection and database takeover tool
Updated Jun 12, 2026 - Python


The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.
Automated API security testing
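Claude Code Skills collection: 8 Skills covering WeChat official account articles, meeting methodology distillation, multi-perspective dialogue material, transcript polishing, and more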
Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.
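AI API relay station detection tool: Claude relay detection, OpenAI relay detection, Gemini relay detection, relay authenticity checks, long-context verification, thinking-signature verification, relay red/black list; self-hosted and open source.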
Presidio security-hardened drop-in enhancements for FastAPI APIs
Open-source security gateway for LLM APIs — prompt injection detection, PII redaction, dangerous response sanitization, and audit logging. OpenAI/Claude compatible, MCP & Agent SKILL support. Drop-in proxy for AI coding agents (Cursor, Claude Code, Codex).
Pentest Coverage Tracker is a Burp Suite extension that helps penetration testers monitor testing coverage in real time. It logs discovered endpoints and tracks whether their parameters are actually tested in Burp Suite. This helps highlight untested attack surfaces and provides clear visibility of coverage for security teams.
Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.
AWS API Gateway Security Deep dive
Research Python toolkit: TikTok Android v44.x local signing (X-Gorgon, Argus, Ladon), device_register, login client, MITM helpers, tests — educational use only.
The GenAI API Pentest Platform is an API security testing tool that leverages multiple Large Language Models (LLMs) to perform intelligent, context-aware API security assessments. Unlike traditional tools that rely on pattern matching, this platform uses AI to understand logic, predict vulnerabilities, and generate sophisticated attack scenarios.
Swagger/OpenAPI/WSDL/SOAP interface fuzzing tool: a lightweight command-line tool for API security testing.
Your agentic API security engineer. Built by the community, for builders who care about security but don't have unlimited time or budget. Point it at your API docs and it hunts down the deep vulnerabilities that actually get you breached.
Learn backend engineering through real production failure cases.
deception as a developer tool
APISCAN is a Swagger-driven API security tool for security specialists and auditors, focused on OWASP API Top 10 coverage and evidence-based reporting.
6 Claude Code skills that automate the entire pentest lifecycle. From recon to exploit chains to bug bounty reports — just give it a domain. 43 scripts, zero dependencies, pure Python.
A Burp Suite extension that automatically categorizes HTTP requests from proxy history based on user-defined keywords.