Audience

Individuals wanting a tool to find vulnerabilities in their code and test their applications

About API Fuzzer

API Fuzzer allows to fuzz-request attributes using common pentesting techniques and lists vulnerabilities. API Fuzzer gem accepts an API request as input and returns vulnerabilities possible in the API. Cross-site scripting vulnerability, SQL injection, blind SQL injection, XML external entity vulnerability, IDOR, API rate limiting, open redirect vulnerabilities, information disclosure flaws, info leakage through headers, and cross-site request forgery vulnerability.

Other Popular Alternatives & Related Software
Vega
Vega
Vega can help you find and validate SQL Injection, cross-site scripting, inadvertently disclosed sensitive information, and other vulnerabilities. It is written in Java, GUI based, and runs on Linux, OS X, and Windows. Vega can help you find vulnerabilities such as: reflected cross-site scripting, stored cross-site scripting, blind SQL injection, remote file include, shell injection, and others. Vega also probes for TLS / SSL security settings and identifies opportunities for improving the security of your TLS servers. Vega includes an automated scanner for quick tests and an intercepting proxy for tactical inspection. The Vega scanner finds, SQL injection, and other vulnerabilities. Vega includes a website crawler powering its automated scanner. Vega can automatically log into websites when supplied with user credentials.
Learn more
Wapiti
Wapiti
Wapiti is a web application vulnerability scanner. Wapiti allows you to audit the security of your websites or web applications. It performs "black-box" scans (it does not study the source code) of the web application by crawling the webpages of the deployed web app, looking for scripts and forms where it can inject data. Once it gets the list of URLs, forms, and their inputs, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable. Search for potentially dangerous files on the server. Wapiti supports both GET and POST HTTP methods for attacks. It also supports multipart forms and can inject payloads in filenames (upload). Warnings are raised when an anomaly is found (for example 500 errors and timeouts). Wapiti is able to make the difference between permanent and reflected XSS vulnerabilities. Generates vulnerability reports in various formats (HTML, XML, JSON, TXT, CSV).
Learn more
Honggfuzz
Honggfuzz
Honggfuzz is a security-oriented software fuzzer. Supports evolutionary, feedback-driven fuzzing based on code coverage (SW and HW-based). It’s multi-process and multi-threaded, there’s no need to run multiple copies of your fuzzer, as Honggfuzz can unlock the potential of all your available CPU cores with a single running instance. The file corpus is automatically shared and improved between all fuzzed processes. It’s blazingly fast when the persistent fuzzing mode is used. A simple/empty LLVMFuzzerTestOneInput function can be tested with up to 1mo iteration per second on a relatively modern CPU. Has a solid track record of uncovered security bugs, the only (to date) vulnerability in OpenSSL with the critical score mark was discovered by Honggfuzz. As opposed to other fuzzers, it will discover and report hijacked/ignored signals from crashes (intercepted and potentially hidden by a fuzzed program).
Learn more
Awesome Fuzzing
Awesome Fuzzing
Awesome Fuzzing is a list of fuzzing resources including books, courses, both free and paid, videos, tools, tutorials, and vulnerable applications to practice in order to learn fuzzing and initial phases of exploit development like root cause analysis. Courses/training videos on fuzzing, videos talking about fuzzing techniques, tools, and best practices. Conference talks and tutorials, blogs, tools that help in fuzzing applications, and fuzzers that help in fuzzing applications that use network-based protocols like HTTP, SSH, SMTP, etc. Search and pick the exploits, that have respective apps available for download, and reproduce the exploit by using the fuzzer of your choice. Set of tests for fuzzing engines. Includes different well-known bugs. A corpus, including various file formats for fuzzing multiple targets in the fuzzing literature.
Learn more

Pricing

Starting Price:
Free
Free Version:
Free Version available.

Integrations

API:
Yes, API Fuzzer offers API access
See Integrations

Ratings/Reviews

Overall 0.0 / 5
ease 0.0 / 5
features 0.0 / 5
design 0.0 / 5
support 0.0 / 5

This software hasn't been reviewed yet. Be the first to provide a review:

Review this Software

Company Information

Fuzzapi
github.com/Fuzzapi/API-fuzzer

Videos and Screen Captures

API Fuzzer Screenshot 1
API Fuzzer Screenshot 1
Other Useful Business Software
Cut Your Data Warehouse Bill by 54% Icon
Cut Your Data Warehouse Bill by 54%

Migrate from Snowflake, Redshift, or Databricks with free tools. No SQL rewrites.

BigQuery delivers 54% lower TCO with serverless scale and flexible pricing. Free migration tools handle the SQL translation automatically.
Try Free

Product Details

Platforms Supported
Windows
Mac
Linux
Training
Documentation
Support
Online

API Fuzzer Frequently Asked Questions

Q: What kinds of users and organization types does API Fuzzer work with?
Q: What languages does API Fuzzer support in their product?
Q: What kind of support options does API Fuzzer offer?
Q: What other applications or services does API Fuzzer integrate with?
Q: Does API Fuzzer have an API?
Q: What type of training does API Fuzzer provide?
Q: How much does API Fuzzer cost?

API Fuzzer Product Features