Skip to content
/ api-pentesting-tool Public

Node.js-based API penetration testing tool with a user-friendly web interface.

8 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

fatihtuzunn/api-pentesting-tool

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
utils
utils
 
 
views
views
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
server.js
server.js
 
 
wordlist.txt
wordlist.txt
 
 

Repository files navigation

API Pentesting Tool

Overview

This is a Node.js-based API penetration testing tool with a user-friendly web interface. The tool allows security testers to perform detailed API security tests, including endpoint fuzzing, authentication bypass, rate-limiting tests, CORS policy checks, header manipulation, JWT-based vulnerability tests, and more. The results are presented in an easy-to-read format on the UI.

Features

  • API endpoint fuzzing
  • CORS Policy Test: Checks for misconfigured CORS policies using HTTP OPTIONS requests.
  • Header Manipulation Test: Examines how APIs respond to manipulated headers.
  • Header Security Test: Detects missing or misconfigured HTTP security headers.
  • JWT Algorithm Manipulation Test: Tests JWT vulnerabilities by altering algorithms or injecting malicious payloads.
  • Key Injection Test: Injects unauthorized claims into JWTs to test validation.
  • Blank Password Test (CVE-2019-20933 / CVE-2020-28637): Exploits vulnerabilities related to JWTs signed with blank passwords.
  • Null Signature Test (CVE-2020-28042): Evaluates if JWTs with null signatures are accepted.

Screenshots

2025-01-18_17-09 2025-01-18_17-09_1 2025-01-18_17-10 2025-01-18_17-10_1

Installation

To install the API Pentesting Tool, follow these steps:

  1. Clone the repository: 
    git clone https://github.com/yourusername/api-pentesting-tool.git
  2. Navigate to the project directory: 
    cd api-pentesting-tool
  3. Install the required dependencies: 
    npm install

Usage

To start using the tool, run the following command:

node server.js

Open your browser and navigate to:

http://localhost:3000

Dependencies

  • Node.js: Server-side runtime.
  • Express: Web framework for building the API.
  • Axios: For HTTP requests.
  • jsonwebtoken: For decoding and manipulating JWTs.
  • EJS (or similar templating engine): For rendering the UI.
  • Bootstrap/TailwindCSS: For responsive design.

Contributing

We welcome contributions from the community. To contribute, please follow these steps:

  1. Fork the repository
  2. Create a new branch (git checkout -b feature-branch)
  3. Commit your changes (git commit -am 'Add new feature')
  4. Push to the branch (git push origin feature-branch)
  5. Create a new Pull Request

License

This project is licensed under the MIT License. See the LICENSE file for more details.

Contact

For any questions or feedback, please open an issue on GitHub or contact the project maintainer at [your-email@example.com].

About

Node.js-based API penetration testing tool with a user-friendly web interface.

Topics

rest-api pentesting restful-api api-testing pentest-tool pentesting-tools api-pentesting

Resources

Readme
Activity

Stars

8 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages