{"id":24651772,"url":"https://github.com/fatihtuzunn/api-pentesting-tool","last_synced_at":"2025-03-20T22:32:16.925Z","repository":{"id":273082143,"uuid":"918661646","full_name":"fatihtuzunn/api-pentesting-tool","owner":"fatihtuzunn","description":"Node.js-based API penetration testing tool with a user-friendly web interface. ","archived":false,"fork":false,"pushed_at":"2025-01-18T14:45:03.000Z","size":26,"stargazers_count":7,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-01-25T19:12:54.952Z","etag":null,"topics":["api-pentesting","api-testing","pentest-tool","pentesting","pentesting-tools","rest-api","restful-api"],"latest_commit_sha":null,"homepage":"","language":"EJS","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fatihtuzunn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-01-18T14:27:51.000Z","updated_at":"2025-01-23T07:47:57.000Z","dependencies_parsed_at":"2025-01-18T15:26:40.885Z","dependency_job_id":"16355135-ef0e-4d90-9ff6-dd1b9ffe784f","html_url":"https://github.com/fatihtuzunn/api-pentesting-tool","commit_stats":null,"previous_names":["fatihtuzunn/api-pentesting-tool"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihtuzunn%2Fapi-pentesting-tool","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihtuzunn%2Fapi-pentesting-tool/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihtuzunn%2Fapi-pentesting-tool/releases","
manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fatihtuzunn%2Fapi-pentesting-tool/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fatihtuzunn","download_url":"https://codeload.github.com/fatihtuzunn/api-pentesting-tool/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244703959,"owners_count":20496214,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-pentesting","api-testing","pentest-tool","pentesting","pentesting-tools","rest-api","restful-api"],"created_at":"2025-01-25T19:13:04.840Z","updated_at":"2025-03-20T22:32:16.896Z","avatar_url":"https://github.com/fatihtuzunn.png","language":"EJS","readme":"# API Pentesting Tool\n\n## Overview\nThis is a Node.js-based API penetration testing tool with a user-friendly web interface. The tool allows security testers to perform detailed API security tests, including endpoint fuzzing, authentication bypass, rate-limiting tests, CORS policy checks, header manipulation, **JWT-based vulnerability tests**, and more. 
The results are presented in an easy-to-read format on the UI.\n\n## Features\n\u003e - API endpoint fuzzing\n\u003e - CORS Policy Test: Checks for misconfigured CORS policies using HTTP OPTIONS (preflight) requests.\n\u003e - Header Manipulation Test: Examines how APIs respond to manipulated headers.\n\u003e - Header Security Test: Detects missing or misconfigured HTTP security headers.\n\u003e - JWT Algorithm Manipulation Test: Checks whether the API accepts tokens whose alg header has been altered or whose payload has been tampered with.\n\u003e - Key Injection Test: Injects unauthorized claims into JWTs to test validation.\n\u003e - Blank Password Test (CVE-2019-20933 / CVE-2020-28637): Checks whether the API accepts JWTs signed with an empty (blank) secret.\n\u003e - Null Signature Test (CVE-2020-28042): Checks whether JWTs with an empty (null) signature are accepted.\n\n## Screenshots\n![2025-01-18_17-09](https://github.com/user-attachments/assets/4c08ec92-4cf1-49a9-865c-e11f15e8e55a)\n![2025-01-18_17-09_1](https://github.com/user-attachments/assets/10fb201f-cd81-4d9c-a9b0-ad6e90a9b1e0)\n![2025-01-18_17-10](https://github.com/user-attachments/assets/2e3bb456-e30e-41ab-bb2b-631f625be83b)\n![2025-01-18_17-10_1](https://github.com/user-attachments/assets/a3742937-be14-4b51-a781-018fb3141286)\n\n\n## Installation\nTo install the API Pentesting Tool, follow these steps:\n\n1. Clone the repository:\n    ```bash\n    git clone https://github.com/fatihtuzunn/api-pentesting-tool.git\n    ```\n2. Navigate to the project directory:\n    ```bash\n    cd api-pentesting-tool\n    ```\n3. Install the required dependencies:\n    ```bash\n    npm install\n    ```\n\n## Usage\nTo start the tool, run:\n```bash\nnode server.js\n```\nThen open your browser and navigate to:\n```\nhttp://localhost:3000\n```\n\n## Dependencies\n\u003e - Node.js: Server-side runtime.\n\u003e - Express: Web framework for building the API.\n\u003e - Axios: For HTTP requests.\n\u003e - jsonwebtoken: For decoding and manipulating JWTs.\n\u003e - EJS: Templating engine for rendering the UI.\n\u003e - Bootstrap/TailwindCSS: For responsive design.\n\n## Contributing\nWe welcome contributions from the community. To contribute, please follow these steps:\n\n1. Fork the repository\n2. Create a new branch (`git checkout -b feature-branch`)\n3. Commit your changes (`git commit -am 'Add new feature'`)\n4. Push to the branch (`git push origin feature-branch`)\n5. Create a new Pull Request\n\n## License\nThis project is licensed under the MIT License. See the [LICENSE](LICENSE) file for more details.\n\n## Contact\nFor any questions or feedback, please open an issue on GitHub or contact the project maintainer at [your-email@example.com].\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffatihtuzunn%2Fapi-pentesting-tool","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffatihtuzunn%2Fapi-pentesting-tool","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffatihtuzunn%2Fapi-pentesting-tool/lists"}