F3ank / ApiScanPlus

Burp Suite plugin for penetration testing of API paths

69% credibility
Found Mar 17, 2026 at 13 stars.
AI Analysis
AI Summary

ApiScanPlus is an extension for Burp Suite that discovers website paths and links, then tests them for security issues like unauthorized access.

How It Works

1. 📰 Discover the tool

You come across ApiScanPlus, a handy add-on that helps uncover hidden links and paths on websites for better security checks.

2. 🔧 Add to your scanner

You simply add this helpful extension to your favorite website security checking program.

3. 🌐 Pick a website

You choose the website you want to explore and let the tool start gathering all possible links and paths.

4. 🔍 Review the list

The tool shows you a full list of every path and link it found, so you can pick and choose what to test next.

5. 🎛️ Set your options

You customize things like special instructions, test details, or areas to skip to make the check just right.

6. 🚀 Start the deep scan

With one click, you launch the thorough test, and it checks everything automatically with your settings.

7. 📊 Check the results

You browse the colorful reports, filter by what worked or failed, and spot any weak spots easily.

Strengthen security

Now you have a complete picture of hidden issues, ready to fix them and make the website safer.

AI-Generated Review

What is ApiScanPlus?

ApiScanPlus is a Burp Suite plugin that automates API route discovery and penetration testing by scraping JavaScript files, deep paths, and site assets for hidden endpoints. It solves the pain of manual API hunting by grabbing full route lists, filtering them precisely, and running customizable scans for issues like authorization bypass via GET/POST requests with custom headers and params. Built as a Java-based Burp extension, it's a go-to for Burp Suite GitHub downloads on Linux, Termux, or Mac setups.

Why is it gaining traction?

It stands out by combining route extraction from tools like JsRouteScan and LinkFinder with strict filtering, recursion scanning, and blocked path whitelists—features Burp pros demand for cleaner workflows. Users notice the intuitive UI for selecting paths, passive scanning, thread control, and result exports to CSV, plus one-click rescan on failures. In the Burp Suite GitHub 2025 scene, its pro-level customization for headers and bodies hooks pentesters tired of basic extensions.

Who should use this?

API security testers chasing auth bypasses in web apps, bug bounty hunters mapping asset-heavy sites, and red teamers running recursive path scans. Ideal for Burp Suite GitHub professional users on Linux or Mac who need quick endpoint collection before active exploits, or those following Burp Suite tutorials on GitHub for automated workflows.

Verdict

Worth a spin for Burp Suite GitHub Actions or pro setups if you're deep into API pentests—solid UI and docs with screenshots make it accessible despite 13 stars and a 0.7% credibility score signaling early maturity. Test it lightly; lacks broad validation but delivers focused value out of the gate.
