API Scanner

About this tool

The API Vulnerability Scanner is a custom tool designed to assess the security of REST APIs quickly. It performs comprehensive security assessments against any type of REST API and finds common vulnerabilities that affect them, such as SQL Injection, Cross-Site Scripting (XSS), OS Command Injection, and others.

To use the scanner, you need to input the URL of the REST API endpoint you want to scan, as well as the API specification URL. The API specification URL is used to identify the expected behavior and input parameters of the API endpoint, which allows the scanner to perform a more thorough and accurate scan.

Before running the scan, it's recommended to check that your API specification is valid and complete. You can test your specification at https://apitools.dev/swagger-parser/online/ to ensure that it's correctly formatted and contains all the necessary information for the scanner to function properly.

The scanner also supports header-based authentication for APIs that require it. This covers HTTP Basic Authorization headers as well as bearer tokens such as JWTs. Simply input the appropriate header with the authentication information, such as Authorization: Basic Authkey or Authorization: Bearer JWTToken, and the scanner will send that header with every request during the scan.
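The three steps above (fetch the specification, check it is complete, attach the authentication header to each request) are what any spec-driven scanner does before it can exercise an endpoint. The following Python is an added illustration of that preparation stage, not the tool's own code: it parses a small constructed OpenAPI 3 document (one operation is deliberately missing a parameter schema, the kind of gap the swagger-parser check at apitools.dev would flag), lists every operation with its parameters, and builds a baseline request per operation with the configured Authorization header. The base URL, the spec, and the helper names (validate_spec, sample_for, plan_scan) are all assumptions made for this example.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}

# Constructed OpenAPI 3 document standing in for what a scanner would fetch
# from the "API specification URL". The /search operation is deliberately
# incomplete (its parameter has no schema) to show what a validity check catches.
SAMPLE_SPEC_JSON = json.dumps({
    "openapi": "3.0.0",
    "paths": {
        "/users/{id}": {
            "get": {
                "parameters": [
                    {"name": "id", "in": "path", "required": True,
                     "schema": {"type": "integer"}},
                    {"name": "fields", "in": "query",
                     "schema": {"type": "string"}},
                ]
            }
        },
        "/search": {
            "get": {"parameters": [{"name": "q", "in": "query", "required": True}]}
        },
    },
})


def load_spec(spec_json=SAMPLE_SPEC_JSON):
    """Parse the specification document (here the constructed sample above)."""
    return json.loads(spec_json)


def validate_spec(spec):
    """Return a list of completeness problems; an empty list means the spec
    carries what a spec-driven scan needs: a version field plus a name,
    location and schema for every parameter of every operation."""
    problems = []
    if "openapi" not in spec and "swagger" not in spec:
        problems.append("missing 'openapi'/'swagger' version field")
    for path, methods in spec.get("paths", {}).items():
        for method, op in methods.items():
            if method.lower() not in HTTP_METHODS:
                continue
            for param in op.get("parameters", []):
                for key in ("name", "in", "schema"):
                    if key not in param:
                        problems.append(
                            f"{method.upper()} {path}: parameter "
                            f"'{param.get('name', '?')}' lacks '{key}'")
    return problems


def enumerate_operations(spec):
    """Flatten the spec into (METHOD, path, [(name, location, type), ...])."""
    ops = []
    for path, methods in spec.get("paths", {}).items():
        for method, op in methods.items():
            if method.lower() not in HTTP_METHODS:
                continue
            params = [(p["name"], p["in"], p.get("schema", {}).get("type", "unknown"))
                      for p in op.get("parameters", [])]
            ops.append((method.upper(), path, params))
    return ops


def sample_for(schema_type):
    """Benign, type-appropriate baseline value (assumption: a scanner first
    records normal behaviour with values like these before testing anything)."""
    return {"integer": "1", "number": "1", "boolean": "true"}.get(schema_type, "test")


def build_request(base_url, method, path, params, auth_header=None):
    """Fill path/query parameters from the spec and attach the configured
    authentication header, e.g. 'Authorization: Bearer JWTToken'."""
    url_path, query = path, {}
    for name, location, schema_type in params:
        if location == "path":
            url_path = url_path.replace("{" + name + "}", sample_for(schema_type))
        elif location == "query":
            query[name] = sample_for(schema_type)
    url = base_url.rstrip("/") + url_path
    if query:
        url += "?" + urlencode(query)
    req = Request(url, method=method)
    if auth_header:
        header_name, header_value = auth_header.split(":", 1)
        req.add_header(header_name.strip(), header_value.strip())
    return req


def plan_scan(base_url, spec, auth_header=None):
    """Produce the baseline request for every operation in the spec."""
    return [build_request(base_url, m, p, params, auth_header)
            for m, p, params in enumerate_operations(spec)]


if __name__ == "__main__":
    spec = load_spec()
    for problem in validate_spec(spec):
        print("spec problem:", problem)
    for req in plan_scan("https://api.example.test/v1", spec,
                         "Authorization: Bearer JWTToken"):
        print(req.get_method(), req.full_url, dict(req.header_items()))
```

The requests are only constructed, never sent, so the script runs offline; the point is that a missing schema leaves the scanner guessing at a parameter's type (it falls back to a generic string here), which is why checking the specification before scanning matters.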