API GPT is your co-pilot for API security testing, helping you brainstorm and ask anything to API.
- Automated security analysis and test cases of captured APIs
- Real-time API call capture via MITM proxy - Click start and you are done.
- Domain whitelisting for focused testing - Remove the noise.
- Mark and track important APIs - Work on only what matters to you.
- Integrated chat interface for in-depth analysis - Got your back
- Captures API calls using a MITM proxy
- Stores captured calls in a SQLite database
- Analyzes APIs for write specific security test cases using LLM
- Presents results through an intuitive Streamlit UI
- Python 3.7+
- mitmproxy
- Streamlit
- SQLite3
-
Clone the repository:
git clone https://github.com/AI-Security-Research-Group/apilot.git cd apilot -
Install required packages:
pip install -r requirements.txt
-
Start the application:
streamlit run app.py -
Use the sidebar to configure domain whitelist and start the proxy
-
After starting proxy browse through browser. Proxy runs on :8080 port
-
Make API calls through the configured proxy
-
Analyze captured APIs and view results in the main interface
Integrate Contexi to use GET API Code feature
- Run context API interface.
- Use context Endpoint in code analysis configuration.
- Streamlit for the UI framework
- mitmproxy for API interception
- LangChain and Ollama for LLM integration