The OWASP OFFAT tool autonomously assesses your API for prevalent vulnerabilities, though full compatibility with OAS v3 is pending. The project remains a work in progress, continuously evolving towards completion.

Automated API security testing

Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.

AWS API Gateway Security Deep dive

Hands-on secure code review training: learn to find vulnerabilities in Flask, Django, FastAPI through production-quality examples. Whitebox pentesting for modern web frameworks.

The GenAI API Pentest Platform is a API security testing tool that leverages multiple Large Language Models (LLMs) to perform intelligent, context-aware API security assessments. Unlike traditional tools that rely on pattern matching, this platform uses AI to understand logic, predict vulnerabilities, and generate sophisticated attack scenario.

Swagger/OpenAPI/WSDL/SOAP 接口 Fuzz 工具， —— 面向 API 安全测试的轻量化命令行工具。

A Burp Suite extension that automatically categorizes HTTP requests from proxy history based on user-defined keywords.

APISCAN is a Swagger-driven API security tool for security specialists and auditors, focused on OWASP API Top 10 coverage and evidence-based reporting.

Code for the Workshop Securing APIs with OAuth in Python

This package facilitates the way of API Signing in Django projects.

AI-Powered Mobile Application Penetration Testing Tool

🚀 Transform cto.new API into a fully compatible OpenAI format with enginelabs-2api, a lightweight and efficient proxy service for seamless integration.

An integrated tool to detect, fingerprint, and explore GraphQL endpoints.

Lightweight CLI tool for scanning REST APIs for CORS issues, methods, and info leaks.

API GPT is your co-pilot for API security testing, helping you brainstorm and ask anything to API.

FastAPI rate limiter for LLM APIs with hierarchical token buckets

An analytics-focused URL shortening service built with FastAPI and async SQLAlchemy. Designed for accurate click tracking using 302 redirects, secure JWT authentication, and AI-powered insights with Google Gemini.

Quickstart Approov integration example for the Python FastAPI framework

This repository is a collection of highly optimized API templates designed to help developers quickly build efficient, scalable, and secure APIs for various purposes. Whether you're building a simple CRUD application, an authentication system, or a complex microservice architecture, you'll find reusable templates that follow industry best practices