Fork me on GitHub
OpenAPI Initiative

Security

Click on a heading to sort.
Filter using one or more keywords
Click the More Details button for more information on a tool

Note: The homepage and repository links may lead to the same place!

Name Description Home Repo 3.1? 3.0? 2.0? Stars Properties
ratemyopenapi Free and open source OpenAPI automated review and validation tool. Link Link Yes Yes No 15
StackHawk HawkScan StackHawk is an application vulnerability scanner purpose built for developers to use in the DevOps pipeline. It leverages a provided OpenAPI v2 or v3 spec file for route discovery and enhanced scanning. Link Link No Yes Yes N/A
FireTail FireTail provides discovery, logging, posture management and in-line enforcement of APIs using OpenAPI. API governance is backed by cloud provider integrations and a suite of open-source application libraries. Link Link No Yes Yes N/A
42crunch A unique set of integrated API security tools that allow discovery, remediation of OpenAPI vulnerabilities and runtime protection against API attacks. Link No No Yes Yes N/A
openapi-fuzzer Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free! Link Link No Yes No 513
cats CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance. Link Link Yes Yes Yes 1091
API Insights RestCase executes hundrends of security and quality checks against the API definition, the API insights report provides detailed security scoring for prioritization, and remediation advice to help developers define the best API definition possible. Link No No Yes Yes N/A
OWASP ZAP The ZAP core project Link Link No Yes Yes 11983
OpenAPI3 Fuzzer Simple fuzzer for OpenAPI 3 specification based APIs Link Link No Yes No 20
Mayhem for API 🤖 Run a Mayhem for API scan in GitHub Actions Link Link Yes Yes Yes 24
Treblle Treblle is a lightweight SDK that helps Engineering and Product teams build, ship, and maintain REST based APIs faster. Link No Yes Yes No N/A
RESTler RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. No Link No Yes Yes 2461