forked from Sugobet/API_Sword
BappDescription.html
<p>
API Sword automatically extracts and recursively discovers API endpoints from HTTP responses. It eliminates the
manual work of searching through JavaScript files to find interfaces, paths, and parameters, streamlining API
discovery during security testing.
</p>
<h2>Features</h2>
<ul>
<li>Automatically extracts links from HTTP responses within your defined scope</li>
<li>Actively sends GET and POST requests to discovered APIs and JavaScript files for deeper analysis</li>
<li>Recursively processes responses to discover additional endpoints with built-in loop prevention</li>
<li>Displays discovered APIs alongside their source JavaScript files for immediate parameter analysis</li>
<li>Automatically adds all discovered requests to the Target sitemap for further testing</li>
<li>Configurable scope boundaries (URL, domain, or IP) to control scan range</li>
<li>Optional rate limiting and custom headers for testing various authorization scenarios</li>
</ul>
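<p>As an added illustration of the recursive discovery and loop prevention described above (example code written for this page, not API Sword's own implementation), the Python below walks a set of constructed in-memory responses: it pulls quoted absolute URLs and root-relative paths out of each body, follows only links whose host matches the configured scope, records each endpoint with the file it was found in, and uses a visited set so that JavaScript files that reference each other do not cause an endless loop. The names <code class="InlineCode">RESPONSES</code>, <code class="InlineCode">LINK_RE</code> and <code class="InlineCode">discover</code> are this example's own.</p>

```python
import re
from collections import deque
from urllib.parse import urljoin, urlparse

# Constructed stand-in for proxied HTTP responses (URL -> body). Nothing is
# fetched over the network; app.js and vendor.js reference each other on purpose.
RESPONSES = {
    "https://app.example.com/": '<script src="/static/app.js"></script>',
    "https://app.example.com/static/app.js":
        'fetch("/api/v1/users"); const cfg = "/static/vendor.js"; '
        'axios.get("https://cdn.other.example/lib.js"); load("/api/v1/users");',
    "https://app.example.com/static/vendor.js":
        'xhr.open("POST", "/api/v1/login?next=/home"); import("/static/app.js");',
    "https://app.example.com/api/v1/users": '{"ok": true}',
    "https://app.example.com/api/v1/login?next=/home": '{"ok": true}',
}

# Quoted absolute URLs or root-relative paths inside JS/HTML (deliberately simple).
LINK_RE = re.compile(r'["\'](https?://[^"\'\s]+|/[A-Za-z0-9_./?=&-]+)["\']')


def in_scope(url, scope_host):
    """Scope boundary: only the configured host (domain or IP) is followed."""
    return urlparse(url).hostname == scope_host


def extract_links(base_url, body):
    """Resolve every quoted link in a response body to an absolute URL."""
    return [urljoin(base_url, m) for m in LINK_RE.findall(body)]


def discover(start_url, scope_host, fetch):
    """Recursive endpoint discovery; the visited set is the loop prevention."""
    visited = set()
    queue = deque([start_url])
    found = {}  # discovered URL -> URL of the response it was first seen in
    while queue:
        url = queue.popleft()
        if url in visited or not in_scope(url, scope_host):
            continue
        visited.add(url)
        body = fetch(url)
        if body is None:
            continue
        for link in extract_links(url, body):
            if in_scope(link, scope_host) and link not in found:
                found[link] = url
            queue.append(link)  # re-queued duplicates are dropped by `visited`
    return found
```

<p>Calling <code class="InlineCode">discover("https://app.example.com/", "app.example.com", RESPONSES.get)</code> yields four in-scope URLs, each paired with the JavaScript or HTML file that exposed it, while the out-of-scope CDN script is never followed.</p>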
<h2>Usage</h2>
<ol>
<li>Navigate to the API Sword tab and configure your scope in the Scope section (URL, domain, or IP address)</li>
<li>Review settings in the Settings tab, including whether to use original headers and request rate limits</li>
<li>Browse the target application normally with your browser proxied through Burp Suite</li>
<li>API Sword will automatically capture traffic and begin discovering endpoints</li>
<li>Review discovered APIs in the API Sword Sitemap tab, where results are displayed with their source files</li>
<li>Send discovered requests to other Burp tools using <code class="InlineCode">Ctrl+R</code> for further testing</li>
</ol>