A collection of awesome API Security tools and resources. The focus goes to open-source tools and resources that benefit all the community.

APIKit：Discovery, Scan and Audit APIs Toolkit All In One.

Tests your API automatically for common API vulnerabilities. Project is still Work In Progress. PRs are appreciated.

API Penetration Testing Notes

A Swiss knife for API security testing including a docker image, some labs and resources.

This is a Python based API-Security framework containing ApiSecurityHeader.py script which will check the Security response headers mentioned in OWASP Secure Headers Project are present and contains the required value.

A complete package for security testing of REST, SOAP and GraphQL APIs for vulnerabilities.