API GPT is an AI-powered co-pilot for API security testing. It captures live API calls, analyzes them, and generates security test cases in real time, and it lets you brainstorm test ideas and ask questions about the captured APIs.
This tool is designed for security testers and developers who want to automate and streamline the process of API security testing. By capturing live API calls through a MITM proxy and leveraging large language models, it helps users identify vulnerabilities and generate relevant security test cases efficiently.
Requires Python 3.7+, mitmproxy, Streamlit, and SQLite3 installed. Point your browser at the proxy so that API calls are captured; for HTTPS targets the browser must also trust the mitmproxy CA certificate, otherwise TLS connections fail and nothing is recorded. Domain whitelisting is recommended to reduce noise and keep testing focused on the targets in scope. Integration with Contexi is optional but enables the GET API code analysis feature.
Clone the repository: git clone https://github.com/AI-Security-Research-Group/apilot.git
Navigate into the cloned directory: cd apilot
Install required Python packages: pip install -r requirements.txt
Start the API GPT application with the Streamlit UI: streamlit run app.py
Configure the domain whitelist and start the proxy from the sidebar; this restricts capture to the listed domains and launches the MITM proxy.
Browse the target APIs through the proxy running on port 8080; the API calls are intercepted and captured for analysis.
Optionally integrate Contexi by running its API interface and pointing API GPT at its context endpoint; this enables the GET API code feature for enhanced code analysis.
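The capture step above (a whitelist of domains, a MITM proxy on port 8080, captured calls stored in SQLite) is the part a tester most often has to adapt. The following is an added example, not apilot's own code: a small mitmproxy addon that records only whitelisted hosts into an SQLite table. The whitelist entries, the api_calls table layout, and the masking of credential-bearing headers before storage are assumptions made here; the sample requests in the __main__ block are constructed stand-ins for live browser traffic.

```python
"""Capture whitelisted API calls through mitmproxy into SQLite.

Added example for this page; it is not apilot's own code. It assumes a
plain domain whitelist, an SQLite table named api_calls, and that
credential-bearing headers are masked before storage (a choice made
here, not one the page describes).

Run as an addon:  mitmdump -p 8080 -s capture_addon.py
"""
import json
import sqlite3
from urllib.parse import urlsplit

WHITELIST = ["api.example.test"]   # constructed placeholder; use the targets in scope
MAX_BODY = 4096                     # bytes of request body kept per call
SENSITIVE_HEADERS = {"authorization", "cookie", "x-api-key"}


def normalise_host(host: str) -> str:
    """Lower-case, drop a trailing dot and any :port so matching is exact."""
    return host.strip().lower().rstrip(".").split(":")[0]


def is_whitelisted(host: str, whitelist) -> bool:
    """True if host equals a whitelisted domain or is a subdomain of one.

    The suffix match is anchored on a dot, so 'notapi.example.test' does not
    match a whitelist entry of 'api.example.test'.
    """
    h = normalise_host(host)
    for entry in whitelist:
        d = normalise_host(entry)
        if d and (h == d or h.endswith("." + d)):
            return True
    return False


def redact_headers(headers: dict) -> dict:
    """Mask credential-bearing headers; the capture DB is plaintext on disk."""
    return {k: ("<redacted>" if k.lower() in SENSITIVE_HEADERS else v)
            for k, v in headers.items()}


class CaptureStore:
    """Thin SQLite writer for captured calls (in-memory by default)."""

    def __init__(self, path: str = ":memory:"):
        # mitmproxy runs hooks on its event loop; allow cross-thread use anyway.
        self.conn = sqlite3.connect(path, check_same_thread=False)
        self.conn.execute(
            "CREATE TABLE IF NOT EXISTS api_calls ("
            "id INTEGER PRIMARY KEY, host TEXT, method TEXT, path TEXT, "
            "query TEXT, headers TEXT, body TEXT)"
        )

    def record(self, host, method, path, query, headers, body):
        self.conn.execute(
            "INSERT INTO api_calls (host, method, path, query, headers, body) "
            "VALUES (?, ?, ?, ?, ?, ?)",
            (host, method, path, query,
             json.dumps(redact_headers(headers)), body[:MAX_BODY]),
        )
        self.conn.commit()

    def count(self) -> int:
        return self.conn.execute("SELECT COUNT(*) FROM api_calls").fetchone()[0]

    def rows(self) -> list:
        cur = self.conn.execute(
            "SELECT host, method, path, query, headers, body FROM api_calls ORDER BY id")
        return [dict(host=r[0], method=r[1], path=r[2], query=r[3],
                     headers=json.loads(r[4]), body=r[5]) for r in cur]


def capture(store: CaptureStore, whitelist, host, method, url, headers, body) -> bool:
    """Store one request if its host is in scope; return whether it was kept."""
    if not is_whitelisted(host, whitelist):
        return False
    parts = urlsplit(url)
    store.record(normalise_host(host), method.upper(), parts.path or "/",
                 parts.query, headers, body or "")
    return True


STORE = CaptureStore()


def request(flow):
    """mitmproxy 'request' hook; attribute names follow mitmproxy's Request API."""
    req = flow.request
    capture(STORE, WHITELIST, req.pretty_host, req.method, req.pretty_url,
            dict(req.headers.items()), req.get_text(strict=False))


if __name__ == "__main__":
    # Constructed sample traffic: one in-scope call, one out-of-scope CDN fetch.
    demo = CaptureStore()
    capture(demo, WHITELIST, "api.example.test:443", "get",
            "https://api.example.test/v1/users?id=7",
            {"Authorization": "Bearer secret", "Accept": "application/json"}, "")
    capture(demo, WHITELIST, "cdn.example.net", "GET",
            "https://cdn.example.net/app.js", {}, "")
    for row in demo.rows():
        print(row["method"], row["host"], row["path"], row["headers"])
```

Run it directly to see the in-scope call recorded and the CDN fetch dropped, or load it into the proxy with mitmdump and browse through port 8080. The host check normalises case, trailing dots and ports and anchors subdomain matches on a dot, so a look-alike host outside the whitelist is not captured by accident; tokens and cookies are masked before they reach the database because that file is plaintext on disk.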