API

Application Programming Interfaces.

APIs enable software systems and applications to communicate and share data.

Types:

RESTful
JSON

API Documentation

/api
/swagger/index.html
/openapi.json

You can use Burp Scanner to crawl and audit OpenAPI documentation, or any other documentation in JSON or YAML format. You can also parse OpenAPI documentation using the OpenAPI Parser BApp. You may also be able to use a specialized tool to test the documented endpoints, such as Postman or SoapUI.

API Brute Force

http://DOMAIN.COM/<TO_FIND>/v1
http://DOMAIN.COM/<TO_FIND>/v2

Attacks

Potentially all web attacks
Try with parameter pollution (#, &, and =)
Some parameters can be used to call url API server side, try with Path Traversal.

Last updated 2 months ago

hashtagAPI Documentation

hashtagAPI Brute Force

hashtagAttacks

API Documentation

API Brute Force

Attacks