Identify vulnerabilities in your APIs using the OpenAPI Security Scanner
```shell
$ npm install -g @openapi-security-scanner/cli
$ npx @openapi-security-scanner/cli
```
The scan command takes your OpenAPI definition, the hostname you provide and optional headers, and uses them to start fuzzing your API.

```shell
npx @openapi-security-scanner/cli scan \
  --api-definition api.yaml \
  --host api.example.com \
  --headers "Cookie: ..."
```
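As an added example that is not part of the OpenAPI Security Scanner project, the Node.js script below shows how the three inputs of the scan command combine: the paths and parameters of the OpenAPI definition become request templates, the host from `--host` replaces whatever host the definition's `servers` entry names, and each `"Name: value"` string from `--headers` is attached to every request. The definition is a constructed sample embedded as a JavaScript object (the real CLI reads it from `api.yaml`); `buildRequests`, `parseHeader`, `sampleValue` and `basePathOf` are names chosen for this example, not the scanner's API, and accepting several header strings as an array is an assumption.

```javascript
// Added example, not the scanner's own code: turn an OpenAPI 3 definition, a host and
// "Name: value" header strings into the request templates a fuzzer would start from.
// The definition and all function names below are constructed for illustration.

const HTTP_METHODS = ['get', 'put', 'post', 'delete', 'patch', 'head', 'options'];

// Constructed sample definition; the CLI would read this from api.yaml.
const sampleDefinition = {
  openapi: '3.0.0',
  servers: [{ url: 'https://staging.example.com/v1' }],
  paths: {
    '/users/{id}': {
      parameters: [{ name: 'id', in: 'path', required: true, schema: { type: 'integer' } }],
      get: { responses: { 200: { description: 'A user' } } },
      delete: { responses: { 204: { description: 'Deleted' } } },
    },
    '/users': {
      get: {
        parameters: [
          { name: 'limit', in: 'query', schema: { type: 'integer' } },
          { name: 'X-Trace', in: 'header', schema: { type: 'string' } },
        ],
        responses: { 200: { description: 'A page of users' } },
      },
      post: {
        requestBody: { content: { 'application/json': { schema: { type: 'object' } } } },
        responses: { 201: { description: 'Created' } },
      },
    },
  },
};

// Parse one "Name: value" string as passed to --headers; a missing colon is an error.
function parseHeader(line) {
  const idx = line.indexOf(':');
  if (idx === -1) throw new Error(`Malformed header: ${line}`);
  return [line.slice(0, idx).trim(), line.slice(idx + 1).trim()];
}

// Type-appropriate placeholder so the template is a valid request before fuzzing
// replaces the value with payloads.
function sampleValue(schema = {}) {
  switch (schema.type) {
    case 'integer':
    case 'number':
      return '1';
    case 'boolean':
      return 'true';
    default:
      return 'sample';
  }
}

// Only the path of the first server URL is kept; the host always comes from --host,
// so a definition exported from staging can be scanned against another environment.
function basePathOf(definition) {
  const url = definition.servers && definition.servers[0] && definition.servers[0].url;
  if (!url) return '';
  return new URL(url, 'https://placeholder.invalid').pathname.replace(/\/$/, '');
}

function buildRequests(definition, host, headerLines = []) {
  if (/[/:]/.test(host)) throw new Error('--host expects a bare hostname, e.g. api.example.com');
  const basePath = basePathOf(definition);
  const baseHeaders = Object.fromEntries(headerLines.map(parseHeader));
  const requests = [];

  for (const [route, item] of Object.entries(definition.paths)) {
    const shared = item.parameters || []; // parameters common to every method of the path
    for (const method of HTTP_METHODS) {
      const op = item[method];
      if (!op) continue;
      let path = route;
      const query = new URLSearchParams();
      const headers = { ...baseHeaders };
      const fuzzable = []; // injection points a fuzzer would vary

      for (const p of [...shared, ...(op.parameters || [])]) {
        const value = sampleValue(p.schema);
        if (p.in === 'path') path = path.replace(`{${p.name}}`, encodeURIComponent(value));
        else if (p.in === 'query') query.set(p.name, value);
        else if (p.in === 'header') headers[p.name] = value;
        fuzzable.push(`${p.in}:${p.name}`);
      }
      if (op.requestBody) fuzzable.push('body');

      const qs = query.toString();
      requests.push({
        method: method.toUpperCase(),
        url: `https://${host}${basePath}${path}${qs ? `?${qs}` : ''}`,
        headers,
        fuzzable,
      });
    }
  }
  return requests;
}

// Stand-alone run: list the templates the scan command would start from.
if (typeof require !== 'undefined' && require.main === module) {
  const reqs = buildRequests(sampleDefinition, 'api.example.com', ['Cookie: session=<redacted>']);
  for (const r of reqs) console.log(r.method, r.url, JSON.stringify(r.fuzzable));
}
```

Two details matter when you wire a scanner into CI this way: the `Cookie` header usually carries a live session, so keep it in a masked pipeline secret rather than in the definition, and the `fuzzable` list is what tells you which parameters of your own API a run actually exercised, which is worth comparing against the parameters you expected to be covered.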
| Package | Description |
|---|---|
| @openapi-security-scanner/cli | Scan your APIs in your CI/CD pipeline or from your local machine using the CLI |
| @openapi-security-scanner/fuzzers | Collections of payloads that can be used for fuzzing |
| @openapi-security-scanner/request-generator | Generate Postman collections and data sets for fuzzing your API |
| @openapi-security-scanner/util | Utility functions for deduplicating shared logic |