3.8 KiB
3.8 KiB
███████╗ ██████╗ █████╗ ███╗ ██╗███╗ ██╗███████╗██████╗
██╔════╝██╔════╝██╔══██╗████╗ ██║████╗ ██║██╔════╝██╔══██╗
███████╗██║ ███████║██╔██╗ ██║██╔██╗ ██║█████╗ ██████╔╝
╚════██║██║ ██╔══██║██║╚██╗██║██║╚██╗██║██╔══╝ ██╔══██╗
███████║╚██████╗██║ ██║██║ ╚████║██║ ╚████║███████╗██║ ██║
╚══════╝ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═══╝╚══════╝╚═╝ ╚═╝
Full-stack API vulnerability scanner targeting the OWASP API Security Top 10 with configurable scan modules and a React dashboard.
Learn docs here: learn modules.
What It Does
- Scans REST APIs against OWASP API Security Top 10 vulnerability categories
- Tests for authentication bypass, injection flaws, IDOR, and rate limiting weaknesses
- SQLi, authentication, IDOR, and rate limit scanner modules with configurable payloads
- JWT auth with bcrypt password hashing and session management
- Scan history tracking with detailed vulnerability reports per endpoint
- Full React dashboard for configuring scans and reviewing results
Quick Start
docker compose up -d
Visit http://localhost:8080 to open the dashboard.
[!TIP] This project uses
justas a command runner. Typejustto see all available commands.Install:
curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin
Stack
Backend: FastAPI, SQLAlchemy, PostgreSQL, Alembic, httpx, aiohttp
Frontend: React, TypeScript, Vite
Learn
This project includes step-by-step learning materials covering security theory, architecture, and implementation.
| Module | Topic |
|---|---|
| 00 - Overview | Prerequisites and quick start |
| 01 - Concepts | Security theory and real-world breaches |
| 02 - Architecture | System design and data flow |
| 03 - Implementation | Code walkthrough |
| 04 - Challenges | Extension ideas and exercises |
License
AGPL 3.0