RestHound is a lightweight CLI tool that enumerates REST API endpoints, analyzes CORS configurations, and fingerprints server technologies for security assessment.
Lightweight CLI tool for scanning REST APIs for CORS issues, methods, and info leaks.
RestHound is designed for security professionals and developers to perform reconnaissance and security analysis on RESTful APIs. It helps identify reachable endpoints, supported HTTP methods, insecure CORS settings, and underlying server technologies, facilitating vulnerability assessment and API security hardening.
RestHound requires Python 3.12 or newer and is intended strictly for authorized testing and educational purposes. Users should obtain explicit permission before scanning any systems. Planned enhancements include support for custom headers, output formats like JSON/CSV, and smarter HTTP method inference.
1. Ensure Python 3.12 or higher is installed.
2. Clone or download the repository.
3. Run pip install -r requirements.txt to install dependencies.
Run RestHound against the specified URL using a wordlist to discover API endpoints and analyze them:
python resthound.py -u https://httpbin.org -w wordlist.txt
Display all available command line options and usage instructions:
python resthound.py -h