Skip to content
/ ApiBrute Public

An async API bruteforcer. it is a fast, lightweight endpoint discovery tool built using asyncio + httpx. It takes a target URL and a wordlist, then scans for valid API routes, hidden admin panels. Created by kaidcodec, it's designed for quick recon, bug bounty workflows or general endpoint mapping.

License

MIT license
9 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kaifcodec/ApiBrute

BranchesTags

Repository files navigation

⚡ ApiBrute

🔥 “Fast. Silent. Effective. Just like it should be.”

🛠️ A lightning-fast, lightweight endpoint brute-forcer written in Python using asyncio + httpx.
Built for hackers, pentesters, and curious minds — by kaifcodec.

🚀 Features

  • Async-powered — 10x faster than traditional scanners
  • 📂 Built-in wordlist — zero setup needed
  • 🎯 Targets API & admin routes effortlessly
  • 🧠 Minimal, readable code — tweak it your way
  • 💻 Works on Linux, Windows, and Termux

📦 Requirements (python packages)

httpx
colorama

📦 Install

pip install -r requirements.txt

Or for manual installation:

pip install httpx
pip install colorama

🔧 Usage

Main script

cd ApiBrute
python3 apibrute.py

Then follow the on screen commands

Wordlist Generator

cd ApiBrute/wordlist_generator
python3 generate_worlist.py --help
# or only
python3 generate_wordlist.py # for generating wordlist with pre defined sets inside the script

usage: generate_worlist.py [-h] [--verbs VERBS] [--nouns NOUNS] [--prefixes PREFIXES]
                           [--versions VERSIONS] [--suffixes SUFFIXES] [--case CASE] [--no-plural]
                           [--max MAX] [-o OUTPUT] [--seed SEED] [--tech TECH]

Generate API endpoint wordlist with rich variations.

options:
  -h, --help            show this help message and exit
  --verbs VERBS         Path to verbs file (one per line).
  --nouns NOUNS         Path to nouns file (one per line).
  --prefixes PREFIXES   Path to prefixes file.
  --versions VERSIONS   Path to versions file.
  --suffixes SUFFIXES   Path to suffixes file.
  --case CASE           Comma list of case styles.
  --no-plural           Disable noun pluralization.
  --max MAX             Max patterns to emit.
  -o OUTPUT, --output OUTPUT
                        Output file.
  --seed SEED           Path to seed endpoints to include (one per line).
  --tech TECH           Comma list of tech hints (e.g., laravel,spring,django,express).

Optional: Plug in your own wordlist · just modify the script.

🐍 Example Output

[200] https://target.com/api/login
[403] https://target.com/admin
[301] https://target.com/config

✨ Why?

Because waiting is boring.
Because most scanners are too loud, too slow, or too bloated.
This tool is fast, focused, and made for action.

👨‍💻 Author

Created with focus & fire by kaifcodec

📜 License

MIT — Use it. Fork it. Break stuff responsibly. 😎

About

An async API bruteforcer. it is a fast, lightweight endpoint discovery tool built using asyncio + httpx. It takes a target URL and a wordlist, then scans for valid API routes, hidden admin panels. Created by kaidcodec, it's designed for quick recon, bug bounty workflows or general endpoint mapping.

Topics

python asyncio endpoint-engineering api-bruteforce api-recon

Resources

Readme

License

MIT license
Activity

Stars

9 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases 2

Version=>1.1.0 Latest
Sep 15, 2025
+ 1 release

Packages

No packages published

Languages