Looking for training material in API Hacking.

This page summarizes the projects mentioned and recommended in the original post on /r/HowToHack.

  • SecLists

    SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

    I'd first point you towards the SecLists repo, specifically at the resources they provide for discovering maybe hidden actions or endpoints on an API (Link here). The angle of attack here would be brute forcing requests against a website that you know hosts an API, to find maybe endpoints or actions that aren't documented, or shouldn't be publicly available.

  • SQLMap

    Automatic SQL injection and database takeover tool

    You could also try testing for SQL injection against query parameters with sqlmap (Link).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
