mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-27 15:12:11 +00:00
1.1 KiB
1.1 KiB
API Pentesting
Tricks
Play with routes
/files/..%2f..%2f + victim ID + %2f + victim filename
Owasp API Security Top 10
Read this document to learn how to search and exploit Owasp Top 10 API vulnerabilities: https://github.com/OWASP/API-Security/blob/master/2019/en/dist/owasp-api-security-top-10.pdf
API Security Checklist
{% embed url="https://github.com/shieldfy/API-Security-Checklist" %}
List of possible API endpoints
https://gist.github.com/yassineaboukir/8e12adefbd505ef704674ad6ad48743d
Tools
https://github.com/imperva/automatic-api-attack-tool: Imperva's customizable API attack tool takes an API specification as an input, generates and runs attacks that are based on it as an output.
https://github.com/flipkart-incubator/Astra: Another tool for api testing