detecting-shadow-api-endpoints

Discover and inventory shadow API endpoints that operate outside documented specifications using traffic analysis, code scanning, and API discovery platforms.

API & Backend | 13,115 stars | 1,533 forks | Updated today | Apache-2.0

Quality Score: 99/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# Detecting Shadow API Endpoints

## Overview

Shadow APIs are API endpoints operating within an organization's environment that are not tracked, documented, or secured. They emerge from rapid development cycles, forgotten test environments, deprecated API versions left running, third-party integrations, or developer side projects deployed without governance. Shadow APIs bypass authentication and monitoring controls, creating hidden entry points for attackers. Studies show that up to 30% of API endpoints in large organizations are undocumented, making shadow API detection a critical component of API security posture management.

## When to Use

- When investigating security incidents that require detecting shadow API endpoints
- When building detection rules or threat hunting queries for this domain
- When SOC analysts need structured procedures for this analysis type
- When validating security monitoring coverage for related attack techniques

## Prerequisites

- API gateway or reverse proxy with traffic logging (Kong, AWS API Gateway, Envoy)
- Network traffic capture capability (packet broker, port mirroring)
- Access to source code repositories and CI/CD pipeline configurations
- Cloud provider access for configuration scanning (AWS, GCP, Azure)
- API documentation inventory (OpenAPI specs, Swagger docs)
- Python 3.8+ for custom discovery tooling

## Detection Methods

### 1. Traffic Analysis and Comparison

Compare live API traffic against documented OpenAPI specificatio...

Details

Author: mukul975
Repository: mukul975/Anthropic-Cybersecurity-Skills
Created: 3 months ago
Last Updated: today
Language: Python
License: Apache-2.0
