Skip to content

Use Cases

Peter Mueller edited this page Apr 3, 2026 · 3 revisions

Use Cases

Real-world scenarios for using Vespasian in security assessments and API discovery.

Penetration Testing without API Documentation

During authorized security assessments, clients often cannot provide API documentation. Vespasian crawls the target application with a headless browser, captures every API call the frontend makes, and produces specifications that describe the discovered endpoints, parameters, and response schemas.

vespasian scan https://app.example.com -H "Authorization: Bearer <token>" -o api.yaml

Generating API Specs from Existing Proxy Captures

Pentesters already capture traffic in Burp Suite and mitmproxy during manual testing. Rather than re-crawling, Vespasian can import that traffic and generate specifications from work already done. This is especially useful for mobile application testing, where no browser crawl can observe the API calls.

vespasian import burp traffic.xml -o capture.json
vespasian generate rest capture.json -o api.yaml

Mapping API Attack Surface for Web Applications

For attack surface management, Vespasian identifies which API endpoints a web application exposes by executing its JavaScript and intercepting all outbound requests. The resulting specification can feed into further security testing tools that accept OpenAPI, GraphQL SDL, or WSDL input.

vespasian scan https://app.example.com -v -o api.yaml

Feeding into Hadrian for Authorization Testing

Generate an API specification with Vespasian, then pass it directly to Hadrian for automated OWASP API Top 10 authorization testing. This creates a complete discover-then-test workflow.

vespasian scan https://app.example.com -o api.yaml
# Then pass api.yaml to Hadrian

See Also

Clone this wiki locally