cherrybomb
API auditor
A tool that audits and tests API specifications to prevent security errors and ensures APIs function as intended.
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
1k stars
12 watching
83 forks
Language: Rust
last commit: 4 months ago
Linked from 2 awesome lists
apiapi-securitybest-practicesblstbusiness-logicclicybercybersecurityfirecrackerhttpopen-sourceopenapiopenapi3securitysecurity-toolsweb-sec-scannerweb-securitywebsecurity
rust-unofficial/awesome-rust
yosriady/awesome-api-devtoolsRelated projects:
| Repository | Description | Stars |
|---|---|---|
 peachtech/peachapisec-burp | A tool for integrating automated security testing with web API analysis in Burp Suite | 2 |
 azure/counterfit | An automation tool that assesses the security of machine learning systems by bringing together various adversarial frameworks under one platform. | 818 |
 gitguardian/apisecuritybestpractices | Resources to help developers keep sensitive information secret and mitigate potential security breaches | 1,923 |
 gosecure/csp-auditor | Analyzes and configures website security policies to prevent malicious scripts from running on user devices. | 138 |
 zalando/zally | A tool that helps ensure APIs are well-designed and follow best practices by analyzing their specifications against established guidelines. | 914 |
 trapexit/scorch | A tool to catalog files and their hashes to help in discovering file corruption, missing files, duplicates, etc. | 199 |
 chrisbjr/api-guard | A package for authenticating RESTful APIs with API keys in Laravel | 691 |
 riverloopsec/killerbee | A toolkit for testing and auditing ZigBee and IEEE 802.15.4 networks | 767 |
 zimmski/go-mutesting | A tool to detect untested parts of source code by introducing small changes and testing the resulting behavior. | 650 |
 cisagov/cset | Tools to evaluate and improve cybersecurity posture in industrial control systems and information technology architecture | 1,473 |
 d35ha/callobfuscator | Tools for modifying Windows API imports to evade analysis and detection by static/dynamic analysis tools. | 984 |
 debasishm89/burpy | A tool that analyzes web application security by parsing Burp Suite logs and generating reports. | 120 |
 portswigger/html5-auditor | An HTML validation and security testing tool for identifying vulnerabilities in web applications | 4 |
 bearer/bearer | A tool for discovering and prioritizing security risks in software code | 2,112 |
 cgboal/sonarsearch | An API for querying and searching the Project Sonar dataset using Go. | 642 |