Business Logic Security Testing

Stop half-done API
specifications ( ) {

< Cherrybomb​ Cherrybomb icon /> is a CLI tool that helps you avoid undefined user behavior by validating your API specifications and running API security tests.


How does it work {

Cherrybomb reads your API spec file (Open API Specification) and validates it for best practices and the OAS specification, then it tests to verify that the API follows the OAS file and tests for common vulnerabilities.
The output is a detailed table with any issues found, guiding you to the exact problem and location to help you solve it quickly.



OAS 3.x Support

Works with all APIs that use the OAS 3.0 format or higher.

Quick Installation

Run Cherrybomb in a matter of minutes with fast install using our script or installing with

Passive Checks

Tests the OAS file locally for compliance with OpenAPI standards.

Active Tester

Live tests your OAS file and the API's security.

Endpoints Listing

Generates an informative list of all API endpoints.

Parameter Table

Generates a comprehensive list of all parameters and their associated properties.

Optimized CI Pipelines

Integrates into your CI using our wizard within minutes.