Apex-C: API Vulnerability Hunter

Apex-C is an automated API security scanner that detects vulnerabilities like privilege escalation, KYC bypass, and insecure endpoints using intelligent crawling and fuzzing.

Comment

๐Ÿš€ Inspiration

Modern applications rely heavily on APIs, but many suffer from hidden vulnerabilities like broken authorization and insecure endpoints. I wanted to build a tool that can automatically discover and test these weaknesses in real-world systems.

๐Ÿ›  What it does

Apex-C is an automated API security testing engine that:

  • Discovers hidden/private API endpoints
  • Uses authenticated sessions to test real user flows
  • Performs fuzzing to detect vulnerabilities like IDOR, privilege escalation, and KYC bypass
  • Identifies sensitive data exposure in API responses

โš™๏ธ How I built it

I built Apex-C using Python with Selenium and undetected-chromedriver to simulate real user sessions. The engine:

  • Captures session tokens after login
  • Crawls application endpoints dynamically
  • Sends crafted payloads across multiple HTTP methods (GET, POST, PUT, PATCH, DELETE)
  • Analyzes responses for sensitive data and anomalies

๐Ÿงช Challenges I ran into

  • Bypassing bot detection and anti-automation systems
  • Handling dynamic API endpoints and tokens
  • Avoiding false positives during fuzzing
  • Managing session-based authentication securely

๐Ÿ† Accomplishments that I'm proud of

  • Successfully built a working automated API vulnerability scanner
  • Implemented intelligent endpoint discovery
  • Created a flexible fuzzing engine for multiple attack scenarios
  • Generated real-time logs for security analysis

๐Ÿ“š What I learned

  • Deep understanding of API security and backend vulnerabilities
  • How authentication tokens and sessions work in modern apps
  • Practical techniques for fuzzing and testing APIs
  • Importance of responsible security research

๐Ÿ”ฎ What's next for Apex-C

  • Add AI-based vulnerability detection
  • Improve accuracy and reduce false positives
  • Build a user-friendly dashboard
  • Extend support for more platforms and APIs

Built With

Share this project:

Updates