Stop half-done API specifications ( ) {

<Cherrybomb /> is a CLI tool that helps you avoid undefined user behavior by validating your API specifications and running API security tests.


How does it work {

Cherrybomb reads your API spec file (OpenAPI Specification, OAS) and validates it against best practices and the OAS specification. It then tests that the API follows the OAS file and tests for common vulnerabilities.
The output is a detailed table with any issues found, guiding you to the exact problem and location to help you solve it quickly.



OAS 3 support

Passive checks

Parameter table

Improve installation script

Endpoints table

YAML support (currently only JSON is supported)

Custom scans

Optional checks + Optional output

Active scans