,

Raxis API Tool

the exploit blog logo
The Exploit: Penetration Testing Insights From The Frontlines
Posted on May 4, 2018
Raxis API Tool

Written by Bonnie Smyre

At Raxis we perform several API penetration tests each year. Our lead developer, Adam Fernandez, has developed a tool to use for testing JSON-based REST APIs, and we’re sharing this tool on GitHub to help API developers test their own code during the SDLC process and to prepare for third-party API penetration tests.This code does not work on its own… it’s a base that API developers can customize specifically for their code. You can find the tool at Raxis GitHub.

Here’s a basic overview of the tool from Adam himself:

The Raxis API tool is a simple Node.js class built for assessing API endpoints. The class is designed to be fully extensible and modifiable to support many different types of JSON-based REST APIs. It automatically handles token-based authentication, proxies requests, and exposes several functions designed to make it easier and faster to write a wrapper around an API and associated test code for the purposes of a penetration test. This tool is not designed to work on its own, but to serve as a building block and quickstart for code-based API penetration testing.

 

Bonnie Smyre

Bonnie Smyre
Bonnie Smyre, the Chief Operating Officer at Raxis, is a seasoned cybersecurity expert with over 25 years of experience in the technology industry. Bonnie began her career as a consultant and applications specialist before joining Raxis in 2013. Her unique background combines extensive IT expertise with improv skills, which she has leveraged to excel in physical security evaluations as well as in her current role leading operations at Raxis. Bonnie’s journey from a shy IT professional to a confident leader showcases her adaptability and commitment to personal growth in the cybersecurity field.

About The Exploit

The Exploit is written by Raxis penetration testers. Every post is a technical writeup from someone who runs engagements for a living, with code, command output, and the reasoning behind each step. Topics include exploit research, vulnerability disclosure, tool development, and the offensive techniques showing up in current client work.

Search The Exploit Blog

Raxis Discovered CVEs

View the CVEs that Raxis engineers have uncovered and submitted.

Blog Categories

Join Our Newsletter

Name(Required)
Newsletter(Required)
Do you wish to join our newsletter? We send out emails once a month that cover the latest in cybersecurity news. We do not sell your information to other parties.