VulnAPI

CerberAuth Publisher

Install latest/stable of VulnAPI

Install using the command line

sudo snap install vulnapi


VulnAPI: An API Security Vulnerability Scanner

VulnAPI is an open-source project designed to help you scan your APIs for common security vulnerabilities and weaknesses. By using this tool, you can detect potential API vulnerabilities and fix security issues.

Documentation is available on GitHub: https://github.com/cerberauth/vulnapi

You can test the scanner against example vulnerability challenges: https://github.com/cerberauth/api-vulns-challenges

The scanner is capable of detecting the following vulnerabilities:

  • JWT none algorithm accepted
  • JWT not verified
  • JWT weak secret used
  • JWT null signature accepted

The scanner also detects the following missing security best practices:

  • CSP Header is not set
  • HSTS Header is not set
  • CORS Header is not set
  • X-Content-Type-Options Header is not set
  • X-Frame-Options Header is not set
  • HTTP Trace Method enabled
  • HTTP Cookies not marked as secure, httpOnly, or SameSite

The scanner also performs some discoverability scans:

  • Server Signature exposed
  • Discovery of API endpoints using OpenAPI contracts
  • GraphQL Introspection enabled

The CLI provides detailed reports on any vulnerabilities and missing best practices detected during the scan.

Details for VulnAPI

License
  • MIT

Last updated
  • 6 October 2024 - latest/stable
  • 6 October 2024 - latest/edge


Where people are using VulnAPI

Users by distribution (log)

Ubuntu 24.04
Ubuntu 22.04