← All tools

BurpAPISecuritySuite

https://teycirbensoltane.tn

Open Source

Categories

Exploitation Scanning & Enumeration Web Application

Description

Burp Suite extension for API security testing with 15 attack types, 108+ payloads, intelligent fuzzing, BOLA/IDOR detection, AI integration, and automated reconnaissance. Supports REST/GraphQL/SOAP APIs with Nuclei, Turbo Intruder, and external tool integration. OWASP API Top 10 coverage.

Keywords

ai-security api-security api-testing bola burp-extensions burp-intruder burp-suite fuzzing graphql idor jwt nuclei owasp-api-top-10 penetration-testing security-testing sql-injection turbo-intruder vulnerability-scanner xss python

Screenshots

Example Usage

{
  "metadata": {
    "timestamp": "20240115_143022",
    "total_endpoints": 15,
    "total_requests": 47
  },
  "endpoints": [
    {
      "endpoint": "GET:/api/users/{id}",
      "method": "GET",
      "normalized_path": "/api/users/{id}",
      "host": "api.example.com",
      "sample_count": 3,
      "parameters": {
        "url": ["id"],
        "body": [],
        "cookie": ["session"],
        "json": []
      },
      "auth_methods": ["Bearer Token"],
      "response_codes": [200, 404],
      "content_types": ["application/json"],
      "api_patterns": ["REST API", "JSON API", "CRUD: GET"],
      "sample_requests": [...]
    }
  ],
  "api_structure": {
    "api_types": ["REST API", "JSON API"],
    "http_methods": ["GET", "POST", "PUT", "DELETE"],
    "auth_methods": ["Bearer Token", "API Key"],
    "base_paths": ["/api/", "/v1/"]
  },
  "security_observations": [
    {
      "type": "Potential IDOR/BOLA",
      "severity": "Critical",
      "count": 5,
      "examples": ["GET:/api/users/{id}", "GET:/api/orders/{id}"],
      "recommendation": "Implement object-level authorization checks"
    },
    {
      "type": "Unauthenticated Endpoints",
      "severity": "High",