API Hunter is a bash script designed for automated API reconnaissance and vulnerability scanning. Built for bug bounty hunters and penetration testers, it chains multiple tools to map out an application's API attack surface.
The primary goal is to discover hidden API endpoints, extract parameters for BOLA/IDOR testing, identify exposed documentation (Swagger/OpenAPI), find leaked secrets, and scan for high/critical API vulnerabilities.
Ensure the following tools are installed and available in your system's PATH:

chmod +x apihunter.sh
./apihunter.sh <target-domain.com>

- Subdomain Mapping: Uses Subfinder, prioritizing API-related keywords.
- Host Resolution: Uses Httpx to filter alive web servers.
- Documentation Hunting: Probes for common Swagger and OpenAPI paths.
- JavaScript Crawling: Uses Katana to extract routes and endpoints.
- Secret Inspection: Uses Cariddi to passively scan for leaked tokens and secrets.
- Parameter Extraction: Filters extracted URLs to isolate parameters for IDOR/BOLA testing.
- Vulnerability Scanning: Runs Nuclei with strict API, token, and exposure tags (High/Critical severity only).
Results are saved in a dedicated directory (<target>-API/), providing clean text files for further manual exploitation.
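
The Parameter Extraction step can be pictured with the following sketch, which is an added example and not API Hunter's own code. The function names, the parameter-name pattern and the sample URLs are assumptions made for illustration. It reduces a URL list to the unique endpoints that take an object identifier in the query string, which is the list of places where object-level authorization has to be verified.

```shell
#!/usr/bin/env bash
# Added example: not API Hunter's own code.
# Assumption: these parameter names are treated as object references.
ID_PARAM_RE='^(id|uid|uuid|guid|user|account|order|invoice|doc|file)(_?id)?$|_id$|Id$'

# Reads URLs on stdin. Prints "endpoint<TAB>param,param" once per unique
# endpoint that has at least one identifier-like query parameter.
idor_candidates() {
  awk -v re="$ID_PARAM_RE" '
    {
      url = $0
      sub(/#.*/, "", url)                  # drop the fragment
      q = index(url, "?")
      if (q == 0) next                     # no query string, nothing to review
      base  = substr(url, 1, q - 1)
      query = substr(url, q + 1)
      n = split(query, pairs, "&")
      hits = ""
      for (i = 1; i <= n; i++) {
        name = pairs[i]
        sub(/=.*/, "", name)               # keep only the parameter name
        if (name ~ re && index("," hits ",", "," name ",") == 0)
          hits = (hits == "" ? name : hits "," name)
      }
      if (hits == "") next
      key = base "\t" hits
      if (!(key in seen)) { seen[key] = 1; print key }   # de-duplicate
    }'
}

# Constructed sample input (example.test hosts, not real crawl output).
sample_urls() {
  cat <<'EOF'
https://api.example.test/v1/orders?order_id=1001&page=2
https://api.example.test/v1/orders?order_id=1002&page=3
https://api.example.test/v1/search?q=shoes&page=1
https://api.example.test/v1/users/profile?userId=7&account=55#top
https://static.example.test/app.js
EOF
}

sample_urls | idor_candidates
```

Values are discarded on purpose, so two requests that differ only in the identifier collapse into one endpoint to review.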