AAA
Login

  • Free email delivery

API Fuzzing Lists

  • Download
  • 9 files

Tired of the same old fuzzing lists that return no results?

Try the SquareSec custom-made collection of 9 API fuzzing wordlists.

Scraped from more than 120,000 public documentations, it contains fuzzing payloads for API ports, paths, parameters, objects, headers and many more:

  • 744,000+ endpoints

  • 357,000+ object properties

  • 211,000+ object names

  • 127,000+ query parameters

  • 74,000+ parameter values

  • 35,000+ path parameters

  • 8,300+ headers

  • 5,300+ paths

  • 880+ common ports

Perfectly suitable for API discovery and reconnaissance to uncover new attack surface possibilities.

Not sure how to use it each list? Check out the details below 👇

Contents

ports.txt
  • 5.42 KB
locations.txt
  • 106 KB
headers.txt
  • 123 KB
path_parameters.txt
  • 491 KB
query_parameters.txt
  • 2.15 MB
parameters_values.txt
  • 1.09 MB
object_properties.txt
  • 5.77 MB
endpoints.txt
  • 24.6 MB
object_names.txt
  • 4.52 MB

a wordlist of each entrypoint

Ports

Most likely ports where domains host their API

locations

Possible URL path locations of the API

Headers

Custom HTTP request headers seen in other APIs

path parameters

Path parameters identify a specific resource of the endpoint

Query parameters

Query parameters used to sort/filter the endpoint resources

parameter values

List of possible values expected by APIs for a given parameter

Object properties

List of properties to discover additional object values

Endpoints

Locations that accepts requests and sends back response

object names

Common name of objects encountered in other APIs

Take your skills to the next level 👇

  • Free email delivery

API Fuzzing Lists

  • Download

Custom-made collections of 9 API fuzzing lists scraped from 100,000+ public documentations including ports, paths, parameters, objects, headers and many more.
View product

  • Free

Building & Breaking Hacking Agents

  • Course

How to build your own AI hacking agent using MCP. And how to hack MCP agents!
View product

  • Free

Offsec Toolkit

  • Closed
  • Course

The SquareSec OffSec Toolkit is designed to eliminate the most frustrating part of pentesting: finding the right tools and making them work. Too often, you might find yourself waste hours debugging errors, deciphering confusing setups, or trying to figure out how to use a tool effectively. This course addresses exactly this problem.
View product

  • Free

SOAPI Guide

  • Course

How to use SOAPI to find vulnerabilities in OpenAPI Documentations
View product

  • $9.99/mo or $99/yr (Free 30-day trial)

Web Hacking Labs

  • Course

View product

  • Waitlist

Webapp Pentest Roadmap

  • Course

The Webapp Pentest Roadmap course is designed to give you the clarity and skills you need to become a more effective pentester.
View product

  • Waitlist

Webapp defense & Hardening

  • Course

Keep your web application protected against most attacks. Learn how to protect your login forms, authorization mechanism, API endpoints, file upload and many other
View product

  • Free

Webinars & Talks

  • Course

Archive of previous live webinars about a wide range of cybersecurity topics: from pentesting to compliance and conference talks
View product