Api Endpoint Discovery

Discovers and maps API endpoints using passive OSINT and active brute-forcing to assess the exposed attack surface of a web application's API layer.

Audits

Pass

ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install edgeiq-api-endpoint-discovery

API Endpoint Discovery

Skill Name: api-endpoint-discovery Version: 1.0.0 Category: Security / API / OSINT Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently) Author: EdgeIQ Labs OpenClaw Compatible: Yes — Python 3, pure stdlib, WSL + Linux

What It Does

Discovers API endpoints for a target domain using passive OSINT (Swagger docs, OpenAPI specs, robots.txt, JavaScript scraping, favicon analysis) and active techniques (path brute-forcing, parameter enumeration). Maps the exposed attack surface of a web application's API layer.

⚠️ Legal Notice: Only audit domains you own or have explicit written authorization to scan. Active brute-forcing should only be used on authorized targets.

Features

Swagger/OpenAPI discovery — locates and parses live API specification files
robots.txt analysis — extracts API-related paths from robots exclusion
JavaScript endpoint extraction — scrapes fetch/axios/XMLHttpRequest calls from JS files
Favicon/asset fingerprinting — extracts API hints from CDN-hosted assets
Path brute-forcing — common API path patterns with wordlist
Parameter enumeration — discovers API query parameter names
API version detection — identifies API version strings in responses
JSON export — structured endpoint inventory

Tier Comparison

Feature	Free	Lifetime ($39)	Optional Monthly ($7/mo)
Target scan	✅ (3 scans)	✅ (unlimited)	✅ (unlimited)
Swagger/OpenAPI discovery	✅	✅	✅
robots.txt analysis	✅	✅	✅
JS endpoint extraction	✅	✅	✅
Favicon fingerprinting	✅	✅	✅
Path brute-forcing	✅	✅	✅
Parameter enumeration	✅	✅	✅
JSON export	✅	✅	✅

Installation

cp -r /home/guy/.openclaw/workspace/apps/api-endpoint-discovery ~/.openclaw/skills/api-endpoint-discovery

Usage

Basic passive discovery (free tier)

python3 endpoint_discovery.py --target "https://api.target.com"

Pro scan with brute-forcing (Pro)

EDGEIQ_EMAIL=your_email@gmail.com python3 endpoint_discovery.py \
  --target "https://api.target.com" --pro

Bundle — full active + passive scan

python3 endpoint_discovery.py --target "https://api.target.com" \
  --bundle --output inventory.json

Parameters

Flag	Type	Default	Description
`--target`	string	—	Target base URL (e.g. https://api.target.com)
`--pro`	flag	False	Enable Pro features
`--bundle`	flag	False	Enable Bundle features
`--wordlist`	string	built-in	Path to custom wordlist for brute-forcing
`--threads`	int	10	Number of concurrent threads
`--output`	string	—	Write JSON inventory to file

Output Example

=== API Endpoint Discovery ===
Target: https://api.target.com

  [1m[92m✔[0m Discovered 24 endpoints across 3 API versions

  Swagger/OpenAPI:
    [1m[92m✔[0m /swagger/v1/api.json — OpenAPI 3.0 spec found
    [1m[92m✔[0m /api-docs — Swagger UI detected

  Endpoints by category:

    Authentication (5 endpoints)
      POST /api/v1/auth/login         — 200 OK
      POST /api/v1/auth/register      — 201 Created
      POST /api/v1/auth/refresh      — 200 OK
      POST /api/v1/auth/logout        — 204 No Content
      GET  /api/v1/auth/session       — 200 OK

    Users (7 endpoints)
      GET  /api/v1/users             — 200 OK (paginated)
      GET  /api/v1/users/:id         — 200 OK
      POST /api/v1/users             — 201 Created
      PUT  /api/v1/users/:id          — 200 OK
      DELETE /api/v1/users/:id       — 204 No Content

    Products (6 endpoints)
      GET  /api/v1/products          — 200 OK
      GET  /api/v1/products/:id     — 200 OK
      POST /api/v1/products         — 201 Created
      ...

  Hidden/exposed sensitive endpoints:
    ⚠️ GET /api/v1/admin/users      — Admin-only, no auth observed
    ⚠️ POST /api/v1/debug/config   — Debug endpoint — INFORMATION EXPOSURE

  Version fingerprinting:
    X-API-Version: 1.2.3
    Server: Apache-Coyote/1.1

  Threat Level: MEDIUM — 2 sensitive endpoints exposed without auth

Pro Upgrade

Full API discovery with brute-forcing, JS scraping, and parameter enumeration:

👉 Buy Lifetime — $39 👉 Subscribe Monthly — $7/mo

Support

Open a ticket in #edgeiq-support or email gpalmieri21@gmail.com

🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
📸 Screenshot API — URL-to-screenshot API for developers
🔔 uptime.check — URL uptime monitoring with alerts
🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →