The Exploit

Notes from the Front Lines of Penetration Testing

Raxis API Tool

Raxis API Tool

Written by

Bonnie Smyre

At Raxis we perform several API penetration tests each year. Our lead developer, Adam Fernandez, has developed a tool to use for testing JSON-based REST APIs, and we’re sharing this tool on GitHub to help API developers test their own code during the SDLC process and to prepare for third-party API penetration tests.This code does not work on its own… it’s a base that API developers can customize specifically for their code. You can find the tool at Raxis GitHub.

Here’s a basic overview of the tool from Adam himself:

The Raxis API tool is a simple Node.js class built for assessing API endpoints. The class is designed to be fully extensible and modifiable to support many different types of JSON-based REST APIs. It automatically handles token-based authentication, proxies requests, and exposes several functions designed to make it easier and faster to write a wrapper around an API and associated test code for the purposes of a penetration test. This tool is not designed to work on its own, but to serve as a building block and quickstart for code-based API penetration testing.

 

Written by

Bonnie Smyre

Bonnie Smyre, the Chief Operating Officer at Raxis, is a seasoned cybersecurity expert with over 25 years of experience in the technology industry. Bonnie began her career as a consultant and applications specialist before joining Raxis in 2013. Her unique background combines extensive IT expertise with improv skills, which she has leveraged to excel in physical security evaluations as well as in her current role leading operations at Raxis. Bonnie’s journey from a shy IT professional to a confident leader showcases her adaptability and commitment to personal growth in the cybersecurity field.

Bonnie Smyre
Bonnie Smyre, the Chief Operating Officer at Raxis, is a seasoned cybersecurity expert with over 25 years of experience in the technology industry. Bonnie began her career as a consultant and applications specialist before joining Raxis in 2013. Her unique background combines extensive IT expertise with improv skills, which she has leveraged to excel in physical security evaluations as well as in her current role leading operations at Raxis. Bonnie’s journey from a shy IT professional to a confident leader showcases her adaptability and commitment to personal growth in the cybersecurity field.

Posted on

Categories: ,

Also by Bonnie Smyre
  • Understanding PTaaS: Penetration Testing as a Service
  • Raxis listed as a Sample Vendor for Penetration Testing as a Service in two Gartner® Hype Cycle™, 2024 reports
  • SOC 2 Compliance: Is it Right for Your Organization?
  • An Inside Look at a Raxis Red Team

Human Vs AI Pentesting

While AI tools offer speed in detecting known vulnerabilities, they fall short with 20-35% false positives and only 50-65% success on complex threats like business logic flaws, as per mainstream reports from Verizon and OWASP. Human penetration testers at Raxis deliver 85-90% detection rates, precise prioritization, and ethical adaptability, ensuring your organization stays ahead of real-world attacks.

Learn More

Partner With Raxis

Partnering with Raxis empowers your business with elite penetration testing services, competitive reseller pricing, and recurring revenue opportunities, all backed by a proven track record of excellence and a commitment to staying ahead of evolving cybersecurity threats.

Learn More

Penetration Testing

Tailored, expert-led penetration testing services that uncovers hidden vulnerabilities using real-world hacker techniques, providing actionable insights to strengthen your defenses and protect against sophisticated cyber threats.

Learn More

Read More From The Exploit

  • Raxis Sales Team Meeting Customer Needs

    Specialized Services: The Answer to Your Custom Cybersecurity Needs
    By Caroline Kelly • August 21, 2025
    Read More
  • Raspberry Pi

    Raspberry Pi Planted in Failed ATM Heist
    By Brian Tant • August 14, 2025
    Read More
  • PSE & Red Team Series: The Power of Grip to Enhance the Under-Door Tool

    PSE & Red Team Series: The Power of Grip to Enhance the Under-Door Tool
    By Brad Herring • August 12, 2025
    Read More
  • Choosing a Penetration Testing Company: Part 3

    Choosing a Penetration Testing Company: Part 3
    By Caroline Kelly • July 29, 2025
    Read More

Ready to See Raxis One In Action?

See how we transform traditional pen testing into interactive security intelligence that keeps you informed every step of the way. From real-time attack progression to detailed remediation guidance, Raxis One gives you unprecedented visibility into your security posture as it’s being tested.

Schedule a Demo