Offensive Security for Api Security

Offensive security services with penetration testing and vulnerability assessments

A Go-based web spider tool for automated crawling and data collection from web resources across multiple protocols and formats.

An automated reconnaissance tool that crawls domains to discover URLs and scan for exposed secrets, API keys, and sensitive files during security assessments.

x8 is a hidden parameters discovery suite that automatically identifies undocumented parameters in web applications and APIs for security testing purposes.

Hackazon is a vulnerable web application storefront designed for security professionals to practice testing modern web technologies and identifying common vulnerabilities.

A collection of CLI tools and API utilities for searching and filtering GitHub repositories by various criteria including keywords, users, organizations, and repository attributes.

Tool to identify and understand code-injection vulnerabilities in Windows 7 UAC whitelist system.

Aptoide is an alternative Android application marketplace that enables APK downloads and metadata retrieval for mobile security research and analysis.

Kiterunner is a tool for lightning-fast traditional content discovery and bruteforcing API endpoints in modern applications.

A framework for executing cloud attacker tactics, techniques, and procedures (TTPs) that can generate APIs, Sigma detection rules, and documentation from YAML-based definitions.

GraphSpy is a browser-based post-exploitation tool for Azure Active Directory and Office 365 environments that enables token management, reconnaissance, and interaction with Microsoft 365 services.