OWASP API Security Top 10

findmytakeover

A tool that detects dangling DNS records in a multi-cloud environment to prevent subdomain takeovers.

CloudJack

A tool that assesses AWS accounts for subdomain hijacking vulnerabilities in Route53 and CloudFront configurations.

Linkedin2username

An OSINT tool that generates username lists for companies on LinkedIn for social engineering attacks or security testing purposes.

LeakIX

LeakIX is a red-team search engine that indexes mis-configurations and vulnerabilities online.

Fuzzapi

Fuzzapi is a Rails application with a user-friendly UI for API_Fuzzer gem and Docker setup.

LunaTrace

An Open Source supply chain security and auditing tool that tracks projects and dependencies, monitoring for vulnerabilities and issues.

Yara-Scanner

Python-based extension for integrating a Yara scanner into Burp Suite for on-demand website scans based on custom rules.

Gamma Ray

Gamma Ray is a software that helps developers to look for vulnerabilities on their Node.js applications with a pluggable infrastructure for integration with vulnerabilities databases.