A useful vulnerability scanning tool

APIDetector is a powerful and efficient tool designed to test exposed Swagger endpoints in various subdomains, with unique intelligence to detect false positives. Particularly useful for security professionals and developers engaged in API testing and vulnerability scanning.

Function:

Flexible input: accepts a single domain or a list of subdomains in a file.
Multiple protocols: Option to test endpoints via HTTP and HTTPS.
Concurrency: Take advantage of multi-threading to speed up scanning.
Customizable output: save results to file or print to standard output.
Verbose and quiet modes: Default verbose mode for verbose logging, and quiet mode option.
Custom User Agent: Ability to specify a custom user agent for requests.
Smart False Positive Detection: Able to detect most false positives.

Tool download:

https://github.com/brinhosa/apidetector

Intention, input and output, result

Article directory

System Design - How do we understand the operating principles of those technologies in a popular way - Part 8: Linux, Security
- Preface
- - Linux file system explained
  - The 18 most commonly used Linux commands you should know
  - How does HTTPS work?
  - - How is data encrypted and decrypted?
    - Why does HTTPS switch to symmetric encryption during data transfer? There are two main reasons:
  - Oauth 2.0 explained in simple terms
  - - What can OAuth tokens do?
  - The 4 most used forms of authentication mechanisms
  - Sessions, cookies, JWTs, tokens, SSO and OAuth 2.0 - what are they?
  - How to store password securely in database and how to verify password?
  - - unsafe operation
    - What is salt?
    - How to store password and salt?
    - How to verify password?
  - Let a 10-year-old understand JSON Web Tokens (JWT)
  - How does Google Authenticator (or other types of two-factor authenticators) work?
  - - Stage 1
    - Stage 2
    - Is this authentication mechanism secure?
  - Carry forward the patriotic spirit