Submit your favorite resources for free.

Submit
HackDB logoHackDB

Category

API Security

API security covers attacking and securing modern REST, GraphQL, and gRPC endpoints via IDOR, BOLA, JWT flaws, and rate-limiting bypass techniques.

Back to categories
image of Raptor
AI SecurityApplication SecurityExploit DevelopmentReverse EngineeringRed Team OperationsAPI Security
Visit Website

Raptor

Details

Autonomous security research framework that turns Claude Code into an agent for adversarial code analysis, fuzzing, and exploit generation.

AIStatic Analysis
image of RunSybil
AI SecurityVulnerability IntelligenceRed Team OperationsApplication SecurityAPI Security
Visit Website

RunSybil

Details

AI-driven pentesting platform automating hacker intuition to find vulnerabilities before exploits, reducing discovery costs.

AIVulnerability IntelligenceReportAPIWeb+4
image of Salt Security
API SecurityAI SecurityCloud SecurityApplication Security
Visit Website

Salt Security

Details

AI-infused API Security solution for the entire API lifecycle, from discovery and posture management to threat protection, including AI Agents.

APIAICloudVulnerability IntelligenceReport+2
image of Schemathesis
API Security
Visit Website

Schemathesis

Details

Schemathesis is a tool that automatically generates API tests from OpenAPI and GraphQL schemas to find bugs.

APIStatic Analysis
image of SecCheckmate
AI SecurityCloud SecurityApplication SecurityAPI SecurityWireless SecurityInfrastructure SecurityReporting
Visit Website

SecCheckmate

Details

Offline security checklist & report generator with 200+ tests across web, cloud, WiFi, firmware, and AI security domains.

ReportAICloudWebAPI+3
image of Terra Security
AI SecurityApplication SecurityAPI SecurityVulnerability IntelligenceRed Team OperationsReportingCloud Security
Visit Website

Terra Security

Details

Agentic AI-powered continuous penetration testing as a service (PTaaS) platform that combines AI scale with human supervision.

AIAPIWebReportCloud+3
image of Titus
Application SecurityAPI Security
Visit Website

Titus

Details

Titus is a high-performance secrets scanner that detects and validates leaked credentials in code, binaries, and HTTP traffic for offensive engagements.

Static AnalysisAPIWebMobileExternal
image of Webhook.site
Application SecurityAPI Security
Visit Website

Webhook.site

Details

Webhook.site allows red teams to capture and inspect HTTP requests in real-time. It is essential for testing blind OOB vulnerabilities and exfiltration.

WebAPICloud
image of WuppieFuzz
API Security
Visit Website

WuppieFuzz

Details

WuppieFuzz: coverage-guided REST API fuzzer using LibAFL, easy-to-use, explainable flaws, modular, supports black/grey/white box testing.

API
image of crAPI
API Security
Visit Website

crAPI

Details

crAPI is a completely ridiculous API vulnerable by design, built on a microservices architecture, designed to help understand API security risks.

APITraining
image of graphw00f
API Security
Visit Website

graphw00f

Details

Graphw00f is a GraphQL server engine fingerprinting tool. It identifies backend technologies and security defenses by analyzing unique endpoint responses.

API