Raxis API Tool

Categories: ,

Posted on

By

Bonnie Smyre

Raxis API Tool

Raxis Lead Developer, Adam Fernandez, has developed a tool to use for testing JSON-based REST APIs, and we’re sharing this tool on GitHub to help API developers test their own code during the SDLC process and to prepare for third-party API penetration tests.

At Raxis we perform several API penetration tests each year. Our lead developer, Adam Fernandez, has developed a tool to use for testing JSON-based REST APIs, and we’re sharing this tool on GitHub to help API developers test their own code during the SDLC process and to prepare for third-party API penetration tests.This code does not work on its own… it’s a base that API developers can customize specifically for their code. You can find the tool at https://github.com/RaxisInc/penetration-test/api-tool.

Here’s a basic overview of the tool from Adam himself:

The Raxis API tool is a simple Node.js class built for assessing API endpoints. The class is designed to be fully extensible and modifiable to support many different types of JSON-based REST APIs. It automatically handles token-based authentication, proxies requests, and exposes several functions designed to make it easier and faster to write a wrapper around an API and associated test code for the purposes of a penetration test. This tool is not designed to work on its own, but to serve as a building block and quickstart for code-based API penetration testing.

 

Written by

Bonnie Smyre

Bonnie Smyre, the Chief Operating Officer at Raxis, is a seasoned cybersecurity expert with over 25 years of experience in the technology industry. Bonnie began her career as a consultant and applications specialist before joining Raxis in 2013. Her unique background combines extensive IT expertise with improv skills, which she has leveraged to excel in physical security evaluations as well as in her current role leading operations at Raxis. Bonnie’s journey from a shy IT professional to a confident leader showcases her adaptability and commitment to personal growth in the cybersecurity field.

Like what you’ve learned from Raxis?

Contact us to receive an expert-led penetration test, and we’ll also show you step-by-step how to recreate our attack against your own systems.

Penetration Testing

Raxis Attack

Continuous, expert-led PTaaS combined with advanced automation to uncover and address hidden vulnerabilities, ensuring your business stays ahead of evolving cyber threats while maintaining regulatory compliance.

Learn More

Raxis Protect

Continuous vulnerability scanning, real-time asset management, and expert guidance to proactively identify and address security gaps across your entire digital ecosystem, ensuring 24/7 protection against evolving cyber threats.

Learn More

Raxis Strike

Tailored, expert-led penetration testing that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn More

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn More

Article Tags

Categories

,

More From Raxis

  • Cool Tools Series: CeWL

    Cool Tools Series: CeWL
    By Jason Taylor • March 25, 2025
    Read More
  • AD Series: Using Evil-WinRM to Get NTDS Manually

    AD Series: Using Evil-WinRM to Get NTDS Manually
    By Andrew Trexler • March 11, 2025
    Read More
  • Understanding PTaaS: Penetration Testing as a Service

    Understanding PTaaS: Penetration Testing as a Service
    By Bonnie Smyre • March 5, 2025
    Read More
  • Password Series: 8 Practical First Steps to Crack Difficult Passwords

    Password Series: 8 Practical First Steps to Crack Difficult Passwords
    By Ryan Chaplin • February 25, 2025
    Read More