Search
Collection
Category
Tag
Blog
Pricing
Submit

Newsletter

Join the Community

Subscribe to our newsletter for the latest news and updates

Email

AISecKit

Curated AI security tools & LLM safety resources for cybersecurity professionals

Product

Search
Collection
Category
Tag

Resources

Blog
Pricing
Submit

Tools

🔥Marathons Tools

Company

About Us
Privacy Policy
Terms of Service
Sitemap

Copyright © 2025 All Rights Reserved.

Home
Category
sj

sj

A tool for auditing endpoints defined in exposed Swagger/OpenAPI definition files.

Introduction

Information

Publisher
AISecKit
Websitegithub.com
Published date2025/04/28

Categories

DevSecOps Tools
Penetration Testing
API Security

Tags

Open Source
Authentication
Authorization
Vulnerability Scanning
API Security
Penetration Testing

More Products

image of Phantom

DevSecOps ToolsPenetration TestingVulnerability Scanners

Phantom

A browser extension for SRC vulnerability mining, collecting sensitive information and suspicious clues from web pages.

Security Auditing Open Source Incident Response Vulnerability Scanning API Security+1

Exploiting AI

An introductory class on understanding AI security risks and mitigation strategies.

Prompt Injection Generative AI Red Team Testing Data Poisoning

Folly

Open-source LLM Prompt-Injection and Jailbreaking Playground for testing LLM security vulnerabilities.

Prompt Injection Open Source API Security Security Testing LLM Security+1

sj (Swagger Jacker)

sj is a command-line tool designed to assist with auditing exposed Swagger/OpenAPI definition files, checking API endpoints for weak authentication. It helps users quickly identify which endpoints require authentication and which do not, providing command templates for manual vulnerability testing. Key features include:

Automated endpoint auditing: Quickly assess API with commands to send requests and analyze responses.
Command templates: Generate commands for manual testing with tools like curl and sqlmap.
Endpoint and definitions extraction: Compile differing versions of API definition files.
Brute force searching: Discover hidden API operation definitions through automated requests.
Conversion capability: Convert Swagger files from version 2 to version 3.

Overall, sj streamlines the process of reviewing and testing exposed API definition files, saving time and effort in securing APIs.