Submit your favorite resources for free.

Submit
HackDB logoHackDB

Tag

API

Security tools for testing REST, GraphQL, and SOAP APIs, covering authentication flaws, authorization bypasses, and various API-specific vulnerabilities.

Back to tags
image of Shodan
Reconnaissance
Visit Website

Shodan

Details

Shodan is a search engine for Internet-connected devices, enabling users to discover and monitor exposed services and gain Internet intelligence.

APIWebExternal
image of Tenable
Security FirmsReportingApplication SecurityInfrastructure Security
Visit Website

Tenable

Details

Tenable's exposure management platform helps organizations find, prioritize, and fix cyber risks across IT, cloud, OT, and identity environments.

APIReportWebServicesExternal+3
image of Terra Security
AI SecurityApplication SecurityAPI SecurityVulnerability IntelligenceRed Team OperationsReportingCloud Security
Visit Website

Terra Security

Details

Agentic AI-powered continuous penetration testing as a service (PTaaS) platform that combines AI scale with human supervision.

AIAPIWebReportCloud+3
image of Titus
Application SecurityAPI Security
Visit Website

Titus

Details

Titus is a high-performance secrets scanner that detects and validates leaked credentials in code, binaries, and HTTP traffic for offensive engagements.

Static AnalysisAPIWebMobileExternal
image of Webhook.site
Application SecurityAPI Security
Visit Website

Webhook.site

Details

Webhook.site allows red teams to capture and inspect HTTP requests in real-time. It is essential for testing blind OOB vulnerabilities and exfiltration.

WebAPICloud
image of WuppieFuzz
API Security
Visit Website

WuppieFuzz

Details

WuppieFuzz: coverage-guided REST API fuzzer using LibAFL, easy-to-use, explainable flaws, modular, supports black/grey/white box testing.

API
image of XBOW
AI SecurityApplication SecurityVulnerability IntelligenceRed Team Operations
Visit Website

XBOW

Details

AI-powered penetration testing platform that scales offensive security, discovers vulnerabilities, and validates exploits with AI agents.

AIWebAPIVulnerability IntelligenceServices+2
image of Xygeni Security
AI SecurityApplication SecurityVulnerability IntelligenceInfrastructure Security
Visit Website

Xygeni Security

Details

Xygeni is an AI-powered ASPM platform that secures the software supply chain by detecting malware, secrets, and vulnerabilities across CI/CD pipelines.

AIStatic AnalysisVulnerability IntelligenceOSINTAPI
image of crAPI
API Security
Visit Website

crAPI

Details

crAPI is a completely ridiculous API vulnerable by design, built on a microservices architecture, designed to help understand API security risks.

APITraining
image of graphw00f
API Security
Visit Website

graphw00f

Details

Graphw00f is a GraphQL server engine fingerprinting tool. It identifies backend technologies and security defenses by analyzing unique endpoint responses.

API
image of sqlmap
Application Security
Visit Website

sqlmap

Details

sqlmap is an automatic SQL injection and database takeover tool for penetration testing and vulnerability detection.

WebMobileAPIBug Bounty