API finder

Passive API discovery tool for security testers. Discovers API endpoints from browser traffic, flags risks, exports OpenAPI/Postman.

API Finder is a passive API attack-surface mapper that runs silently in your browser. As you navigate web applications, it automatically discovers API endpoints, flags security risks, and builds a live inventory of routes with zero active scanning. Key Features - Passive Discovery - Detects API routes, endpoints, and parameters from normal browser traffic - Risk Flagging - Highlights endpoints with authentication gaps, exposed IDs, debug parameters, and other security red flags - OpenAPI Export - Export discovered routes to OpenAPI/Swagger and Postman collections - False Positive Filter - Smart filtering to keep results relevant - Request Tester - Local request builder for authorized testing (exports masked for safety) - Side Panel UI - Clean dock interface that lives alongside your browsing session - Baseline Saving - Save and compare API surface snapshots over time Why Install? - For Bug Bounty Hunters - Instantly map a target's API surface as you browse - For Pentesters - Find hidden endpoints, debug leaks, and undocumented routes - For Developers - Review what your app exposes and catch misconfigurations early - Zero Attacker Footprint - Everything is passive. No scans, no probes, no logs on the target