> For the complete documentation index, see [llms.txt](https://aftab700.gitbook.io/api-penetration-testing/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://aftab700.gitbook.io/api-penetration-testing/learning.md).

# Learning

### Tools

* <https://github.com/ticarpi/jwt\\_tool>
* <https://github.com/assetnote/kiterunner>
* <https://github.com/s0md3v/Arjun>
* <https://github.com/danielmiessler/SecLists>
* <https://github.com/hAPI-hacker/Hacking-APIs>

### Your API Hacking Lab

#### APIsec.ai has hosted an API hacking lab that you can use to practice your skills.

* crAPI can be found at <http://crapi.apisec.ai/>
* vAPI can be found at <http://vapi.apisec.ai/>

#### set up your own lab

* <https://github.com/OWASP/crAPI>
* <https://github.com/roottusk/vapi>

### Additional Resources

* [The Web Security Academy](https://portswigger.net/web-security): One of the best free online web security training courses on the Internet.
* [APIsecurity.io](https://apisecurity.io/): A weekly newsletter that is a great resource for the latest and greatest API security news.
* [API Hacking Mind Map](https://dsopas.github.io/MindAPI/) by David Sopas.
* Get involved in the Bug Bounty communities:
  * [Synack](https://www.synack.com/)
  * [BugCrowd](https://www.bugcrowd.com/bug-bounty-list/)
  * [HackerOne](https://www.hackerone.com/)
  * [Intigriti](https://www.intigriti.com/)
* [Insider PhD Everything API Hacking](https://www.youtube.com/playlist?list=PLbyncTkpno5HqX1h2MnV6Qt4wvTb8Mpol): Katie Paxton-Fear's playlist of all those great API hacking hits.
* [Awesome API Security](https://github.com/arainho/awesome-api-security): All the API security things.
