This tool allows you to perform security scans on various types of APIs, including REST, SOAP, and GraphQL. It provides basic and advanced scans and integrates with Swagger for automated testing.
- Basic API Scan: Quickly scan a domain for common security vulnerabilities.
- Advanced Endpoint Scan: Perform a more in-depth scan on specific API endpoints with custom headers.
- Swagger Integration: Scan APIs using Swagger documentation (URL or file).
- SOAP Endpoint Testing: Test SOAP APIs for security issues.
- GraphQL Endpoint Testing: Scan GraphQL APIs to detect vulnerabilities.
- Output: Save scan results in a JSON file for later analysis.
Install directly using pip from PyPi:
pip install apisecClone the repository and install the package using pip:
git clone https://github.com/yourusername/apisec-tool.git
cd apisec-tool
pip install .After installing apisec, run below command to install all dependecies and sync path variables.
apisec -i-
Basic Scan: Perform a basic security scan on a domain:
apisec -bs "<domain name>" -
Advanced Scan: Perform an advanced scan on a specific API endpoint:
apisec -ae "<API endpoint>" -ah "<headers in JSON format>"
-
Using Swagger JSON File: Scan APIs based on Swagger documentation:
apisec -su "<API server url>" -sf "<url or path to swagger.json file>"
-
SOAP Scan: Test a SOAP API by specifying its endpoint:
apisec -s "<SOAP API endpoint>
-
GraphQL Scan: Test a GraphQL API for security vulnerabilities:
apisec -g "<GraphQL API endpoint>"
To save the scan results to a JSON file for later analysis, use the -o option:
apisec -bs "<domain name>" -o "scan_results.json"This project is licensed under the MIT License. See the LICENSE file for more details.
| Projects | License |
|---|---|
| OWASP ZAP | Apache |
| GraphQL-Cop | MIT |
| Wapiti | GPL-2 |
| Wfuzz | GPL-2 |
| Gobuster | Apache |
| Offat | MIT |