API Scanner

API Scanner is an automated security testing tool that scans REST and SOAP APIs for vulnerabilities using OpenAPI/Swagger specifications and WSDL files.

Docker Hub: cysecurity/api-scanner

Features

  • OpenAPI Scan - Upload an OpenAPI spec (JSON/YAML) to scan REST API endpoints for security vulnerabilities. Supports unauthenticated and authenticated scans with Basic, Bearer, or API key authentication.

  • SOAP Scan - Upload a WSDL/XML file to scan SOAP web service operations. Supports Basic, Bearer, API key, and WS-Security authentication.

  • API Discovery - Scan a target URL to automatically discover API endpoints, OpenAPI/Swagger definitions, GraphQL endpoints, and health check paths.

  • JSON to YAML Converter - Convert OpenAPI specification files from JSON to YAML format.

Getting Started

See the Getting Started guide to access the web panel and log in.