Open source API development ecosystem - https://hoppscotch.io (open-source alternative to Postman, Insomnia) - hoppscotch/docker-compose.yml at main · hoppscotch/hoppscotch
HTTP parameter discovery suite. Contribute to s0md3v/Arjun development by creating an account on GitHub.
Vulnerable API. Contribute to InsiderPhD/Generic-University development by creating an account on GitHub.
Vulnerable REST API with OWASP top 10 vulnerabilities for security testing - erev0s/VAmPI
Damn Vulnerable Web Services is a vulnerable application with a web service and an API that can be used to learn about webservices/API related vulnerabilities. - snoopysecurity/dvws-node
This is a vulnerable microservice written in many languages to demonstrate OWASP API Top Security Risks (under development) - ne0z/DamnVulnerableMicroServices
A simple Node.js Express REST app with some OWASP vulnerabilities. - layro01/node-api-goat
A very vulnerable implementation of a GraphQL API. - ivision-research/vulnerable-graphql-api
Intentionally very vulnerable API with bonus bad coding practices - tkisason/vulnapi
completely ridiculous API (crAPI). Contribute to OWASP/crAPI development by creating an account on GitHub.
WSTG - Latest on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Helps you create requests faster, saving precious time on development.
Python API for ServiceNow. Contribute to ServiceNow/PySNC development by creating an account on GitHub.
Automagically reverse-engineer REST APIs via capturing traffic - alufers/mitmproxy2swagger
Kubeconform is a Kubernetes manifests validation tool. Build it into your CI to validate your Kubernetes configuration!
It is inspired by, contains code from and is designed to stay close to Kubeval, but with the following improvements:
high performance: will validate & download manifests over multiple routines, caching downloaded files in memory
configurable list of remote, or local schemas locations, enabling validating Kubernetes custom resources (CRDs) and offline validation capabilities
uses by default a self-updating fork of the schemas registry maintained by the kubernetes-json-schema project - which guarantees up-to-date schemas for all recent versions of Kubernetes.
Purpose
Kubernetes sometimes deprecates apiVersions. Most notably, a large number of deprecations happened in the 1.16 release. This is fine, and it's a fairly easy thing to deal with. However, it can be difficult to find all the places where you might have used a version that will be deprecated in your next upgrade.
You might think, "I'll just ask the api-server to tell me!", but this is fraught with danger. If you ask the api-server to give you deployments.v1.apps, and the deployment was deployed as deployments.v1beta1.extensions, the api-server will quite happily convert the api version and return a manifest with apps/v1. This is fairly well outlined in the discussion in this issue.
So, long story short, finding the places where you have deployed a deprecated apiVersion can be challenging. This is where pluto comes in. You can use pluto to check a couple different places where you might have placed a deprecated version:
Easily check your clusters for use of deprecated APIs
Kubernetes 1.16 is slowly starting to roll out, not only across various managed Kubernetes offerings, and with that come a lot of API deprecations.
Kube No Trouble (kubent) is a simple tool to check whether you're using any of these API versions in your cluster and therefore should upgrade your workloads first, before upgrading your Kubernetes cluster.
This tool will be able to detect deprecated APIs depending on how you deploy your resources, as we need the original manifest to be stored somewhere. In particular, the following tools are supported:
A plugin for the Kubernetes command-line tool kubectl, which allows you to convert manifests between different API versions. This can be particularly helpful for migrating manifests to a non-deprecated API version with a newer Kubernetes release. For more info, visit migrate to non deprecated apis