My personal list of security tools that I recommend on the Approov Blog, where I write articles as a Developer Advocate for security in Mobile and APIs.
- MITMPROXY or Man In The Middle Proxy - Intercept traffic from a client consuming an API.
- Fierce Domain Scanner - Enumerate hostnames for a domain.
- Certificate Transparency Logs:
  - Web Interface:
    - Google Transparency Report - Easily enumerate the subdomains for a given domain in order to find "private" APIs.
  - Programmatically access the certificate transparency logs:
    - Web Interface:
- MobSF or Mobile Security Framework - Automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
- OWASP ZAP or Zed Attack Proxy - Automatically find security vulnerabilities in your web applications while you are developing and testing your applications.
- GitRob - Gitrob is a tool to help find potentially sensitive files pushed to public repositories on GitHub.
- GitSecrets - Scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
- ShowJava - Decompiles the APK directly on the mobile phone.
- LuckyPatches - A modifier app for unlimited access in games and the Play Store.
- SHODAN - Shodan is the world's first search engine for Internet-connected devices. Find vulnerable stuff connected to the internet.