{"id":15037987,"url":"https://github.com/cyber-guy1/api-securityempire","last_synced_at":"2025-05-16T04:03:38.325Z","repository":{"id":38432029,"uuid":"462900683","full_name":"Cyber-Guy1/API-SecurityEmpire","owner":"Cyber-Guy1","description":"API Security Project aims to present unique attack \u0026 defense methods in API Security field","archived":false,"fork":false,"pushed_at":"2024-03-05T15:56:37.000Z","size":3662,"stargazers_count":1384,"open_issues_count":0,"forks_count":253,"subscribers_count":34,"default_branch":"main","last_synced_at":"2025-05-16T04:03:06.635Z","etag":null,"topics":["api","apisecurity","bug-bounty","bugbounty","bugbountytips","cybersec","cybersecurity","information-security","infosec","penetration-testing","tips"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Cyber-Guy1.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-02-23T20:48:34.000Z","updated_at":"2025-05-11T17:49:51.000Z","dependencies_parsed_at":"2024-11-28T02:32:46.326Z","dependency_job_id":"e0cb68db-c7fa-475b-bb79-e6f540a162f8","html_url":"https://github.com/Cyber-Guy1/API-SecurityEmpire","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyber-Guy1%2FAPI-SecurityEmpire","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyber-Guy1%2FAPI-SecurityEmpire/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyber-Guy1%2FAPI-SecurityEmpire/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Cyber-Guy1%2FAPI-SecurityEmpire/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Cyber-Guy1","download_url":"https://codeload.github.com/Cyber-Guy1/API-SecurityEmpire/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254464891,"owners_count":22075570,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","apisecurity","bug-bounty","bugbounty","bugbountytips","cybersec","cybersecurity","information-security","infosec","penetration-testing","tips"],"created_at":"2024-09-24T20:36:41.639Z","updated_at":"2025-05-16T04:03:38.308Z","avatar_url":"https://github.com/Cyber-Guy1.png","language":null,"readme":"# 🛡️ API Security Empire \n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/assets/66295316/8b741387-350f-4a61-bce1-d29c6a9ac27d\" width=\"60%\" height=\"60%\"\u003e\n  \u003cbr\u003e\n  \u003csmall\u003eProject Credits: \u003ca href=\"https://www.linkedin.com/in/momen-eldawakhly-3b6250204\"\u003eMomen Eldawakhly (Cyber Guy)\u003c/a\u003e\u003c/small\u003e\n\u003c/div\u003e\n\u003cbr\u003e\nIn this repository you will find: mindmaps, tips \u0026 tricks, resources and everything related to API Security and API Penetration Testing. Our mindmaps and resources are based on the OWASP TOP 10 API, our experience in penetration testing and other resources, to deliver the most advanced and accurate API security and penetration testing resource on the web!!\n\n## 🚪 First gate: ```{{Recon}}``` \n\nThe first gate to enter the API Security Empire is knowing how to gather information about the API infrastructure and how to perform powerful recon on the API to uncover the hidden doors through which the whole infrastructure can be compromised, so we provide this updated API Recon mindmap with the latest tools and methodologies in API recon:\n\n\u003cbr\u003e\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.png\" width=\"70%\" height=\"70%\" target=\"_blank\"\u003e\n  \n\u003csmall\u003e\u003cb\u003e\u003ca href=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.pdf\" target=\"_blank\"\u003ePDF Version\u003c/a\u003e | \u003ca href=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap.xmind\" target=\"_blank\"\u003eXMind Version\u003c/a\u003e\u003c/b\u003e\u003c/small\u003e\n\u003c/div\u003e\n\u003cbr\u003e\n\n### ⚔️ Weapons you will need: \n- [BurpSuite](https://portswigger.net/burp/releases)\n- [FFUF](https://github.com/ffuf/ffuf)\n- [Arjun](https://github.com/InsiderPhD/Arjun)\n- [Postman](https://www.postman.com/downloads/)\n- [SecLists](https://github.com/danielmiessler/SecLists/tree/master/Discovery/Web-Content)\n- [FuzzDB](https://github.com/fuzzdb-project/fuzzdb)\n- [SoapUI](https://www.soapui.org/downloads/soapui/)\n- [GraphQL Voyager](https://apis.guru/graphql-voyager/)\n- [Graphinder](https://github.com/Escape-Technologies/graphinder)\n- [Kiterunner](https://github.com/assetnote/kiterunner)\n- [unfurl](https://github.com/tomnomnom/unfurl)\n\n### 🏋️ Test your abilities and weapons: \n- [vapi](https://github.com/roottusk/vapi)\n- [Generic-University](https://github.com/InsiderPhD/Generic-University)\n\n## 🚪 Second gate: ```{{Attacking}}```\n\n### Attacking RESTful \u0026 SOAP:\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.png\" target=\"_blank\"\u003e\n\u003cbr\u003e\n\u003csmall\u003e\u003cb\u003e\u003ca href=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.pdf\" target=\"_blank\"\u003ePDF Version\u003c/a\u003e | \u003ca href=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20ATTACK.xmind\" target=\"_blank\"\u003eXMind Version\u003c/a\u003e\u003c/b\u003e\u003c/small\u003e\n\u003c/div\u003e\n\u003cbr\u003e\n\n### Attacking GraphQL:\n\nBecause documented attacks against GraphQL are limited, we compiled all the attacks we know from our experience in testing APIs into the following mindmap:\n\n\u003cdiv align=\"center\"\u003e\n\u003cimg src=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.png\"\u003e\n\u003cbr\u003e\n\u003csmall\u003e\u003cb\u003e\u003ca href=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.pdf\" target=\"_blank\"\u003ePDF Version\u003c/a\u003e | \u003ca href=\"https://github.com/Cyber-Guy1/API-SecurityEmpire/blob/main/assets/API%20Pentesting%20Mindmap%20%7B%7BGraphQL%20Attacking%7D%7D.xmind\" target=\"_blank\"\u003eXMind Version\u003c/a\u003e\u003c/b\u003e\u003c/small\u003e\n\u003c/div\u003e\n\u003cbr\u003e\n\nWhile attacking GraphQL, the most important phase is enumerating the mutations and queries; without it you will not be able to perform full GraphQL testing. To do so, I'm using the *Apollo GraphQL Sandbox*: Apollo enumerates the queries and mutations and lays them out in front of you. After that you can choose the action you want to perform using mutations, or the data you want to retrieve using queries, just by selecting them in the GUI, and Apollo will write the query for you automatically. What makes Apollo special is that it's a web-based explorer, which means there is nothing to install, and you can run it against your local GraphQL too!!\n\n- [Apollo Sandbox](https://studio.apollographql.com/sandbox/explorer)\n\n## 🙏 Special thanks:\n- [roottusk](https://github.com/roottusk)\n- [Portswigger](https://github.com/PortSwigger)\n- [Tomnomnom](https://github.com/tomnomnom)\n- [assetnote](https://github.com/assetnote/kiterunner)\n- [danielmiessler](https://github.com/danielmiessler)\n- [InsiderPhD](https://github.com/InsiderPhD)\n- [ffuf](https://github.com/ffuf/)\n- [OWASP](https://github.com/OWASP)\n\n## 📝 License:\n\n\u003cimg src=\"https://user-images.githubusercontent.com/97954690/155418561-30c6292d-877c-4acf-ac90-531d8661a455.png\" width=\"20%\" height=\"20%\" target=\"_blank\"\u003e\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyber-guy1%2Fapi-securityempire","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyber-guy1%2Fapi-securityempire","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyber-guy1%2Fapi-securityempire/lists"}