Raxis API Tool

Categories: ,

Posted on

By

Raxis API Tool

At Raxis we perform several API penetration tests each year. Our lead developer, Adam Fernandez, has developed a tool to use for testing JSON-based REST APIs, and we’re sharing this tool on GitHub to help API developers test their own code during the SDLC process and to prepare for third-party API penetration tests.This code does not work on its own… it’s a base that API developers can customize specifically for their code. You can find the tool at https://github.com/RaxisInc/penetration-test/api-tool.

Here’s a basic overview of the tool from Adam himself:

The Raxis API tool is a simple Node.js class built for assessing API endpoints. The class is designed to be fully extensible and modifiable to support many different types of JSON-based REST APIs. It automatically handles token-based authentication, proxies requests, and exposes several functions designed to make it easier and faster to write a wrapper around an API and associated test code for the purposes of a penetration test. This tool is not designed to work on its own, but to serve as a building block and quickstart for code-based API penetration testing.

 


Like what you’ve learned from Raxis?

Contact us to receive an expert-led penetration test, and we’ll also show you step-by-step how to recreate our attack against your own systems.

Raxis Attack

Continuous, expert-led PTaaS combined with advanced automation to uncover and address hidden vulnerabilities, ensuring your business stays ahead of evolving cyber threats while maintaining regulatory compliance.

Raxis Protect

Continuous vulnerability scanning, real-time asset management, and expert guidance to proactively identify and address security gaps across your entire digital ecosystem, ensuring 24/7 protection against evolving cyber threats.

Raxis Strike

Tailored, expert-led penetration testing that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

More From Raxis

  • Cool Tools Series: CeWL

    Cool Tools Series: CeWL

    By Jason Taylor • March 25, 2025
  • AD Series: Using Evil-WinRM to Get NTDS Manually

    AD Series: Using Evil-WinRM to Get NTDS Manually

    By Andrew Trexler • March 11, 2025
  • Understanding PTaaS: Penetration Testing as a Service

    Understanding PTaaS: Penetration Testing as a Service

    By Bonnie Smyre • March 5, 2025
  • Password Series: 8 Practical First Steps to Crack Difficult Passwords

    Password Series: 8 Practical First Steps to Crack Difficult Passwords

    By Ryan Chaplin • February 25, 2025