API

GraphQL Cop

GraphQL Cop is a Python utility for running security tests against GraphQL APIs, ideal for CI/CD checks and vulnerability reproduction.

API Security

GraphQL Security

Assess the security of your GraphQL apps: authorization, access control, complexity limits, introspection, DDOS, and injections.

API Security

GraphQL Voyager

GraphQL Voyager: Visualize any GraphQL API as an interactive graph, aiding in understanding and exploration of its schema and relationships.

API SecurityApplication Security

GraphQLmap

GraphQLmap is a scripting engine for GraphQL endpoint pentesting, automating queries and fuzzing for vulnerabilities.

API Security

InQL

InQL is a Burp Suite extension for advanced GraphQL testing, offering vulnerability detection and customizable scans.

Application Security

Interactsh

Interactsh is a tool and service for capturing and handling out-of-band interactions during security testing.

Internal Web API

Application SecurityAPI Security

JWT Debugger

JWT Debugger is a web application to create, encode, decode, and debug JWT (JSON Web Tokens).

Web API Static Analysis

API SecurityReconnaissance

Kiterunner

Kiterunner is a contextual content discovery tool for modern web applications and APIs, excelling in route/endpoint bruteforcing.

API Bruteforce Web

Reconnaissance

LeakInsight API

LeakInsight API is a data leak detection service that helps developers and businesses identify leaked credentials and security risks across a vast database.

Application SecurityAPI SecurityAI Security

Moxy

Moxy is an open-source DAST tool with agentic AI for modern web application security testing and automated pentesting workflows.

AI API Web

Application Security

Payloads All The Things