performing-api-inventory-and-discovery

# Performing API Inventory and Discovery ## When to Use - Mapping the complete API attack surface of an organization before a security assessment - Identifying shadow APIs deployed by development teams without security review - Discovering deprecated or zombie API versions that remain accessible but unmaintained - Finding undocumented API endpoints exposed through mobile applications, SPAs, or microservices - Building an API inventory for compliance requirements (PCI-DSS, SOC2, GDPR) **Do not use** without written authorization. API discovery involves scanning network infrastructure and analyzing traffic. ## Prerequisites - Written authorization specifying the target domains and network ranges - Passive traffic capture capability (network tap, proxy, or cloud traffic mirroring) - Active scanning tools: Amass, subfinder, httpx, and nuclei - JavaScript analysis tools: LinkFinder, JS-Miner, or custom parsers - Access to cloud console (AWS, Azure, GCP) for API gateway inventory - Burp Suite Professional for passive API endpoint discovery ## Workflow ### Step 1: Passive API Discovery from Traffic Analysis ```python import re import json from collections import defaultdict # Parse HAR file from browser developer tools or proxy def analyze_har_for_apis(har_file_path): """Extract API endpoints from HTTP Archive (HAR) file.""" with open(har_file_path) as f: har = json.load(f) api_endpoints = defaultdict(lambda: { "methods": set(), "content_types":...