Deprecated Python package. apisniff has moved to Go; install via Homebrew.
Project description
apisniff
One tool for API recon: preflight defenses, capture real traffic, extract a usable spec.
What you get
- Probe a URL in 10 seconds, classify 25+ vendor products (Cloudflare, Akamai, DataDome, PerimeterX, Imperva, Kasada, and more)
- Capture browser traffic through Chrome DevTools Protocol by default; use proxy mode when you need MITM fallback capture.
- Import HAR files or Burp Suite exports for offline analysis
- Generate an OpenAPI spec from captured traffic with schema inference and example values
- Replay captured calls against the live API and see what changed
- Export safely: derived artifacts only, no raw traffic, no credentials
Install
brew tap 4LAU/tap && brew install apisniff
The Go build is a single binary with no Python runtime dependency. From source:
go build -ldflags="-s -w" -o apisniff ./cmd/apisniff
Quick Start
# Check what defenses a site has
apisniff probe example.com
# Capture live traffic with Chrome DevTools Protocol
apisniff recon example.com
# Fallback: run a local MITM proxy for a browser/client you configure
apisniff recon example.com --mode proxy --port 8080
# Generate an API spec from the capture
apisniff spec example.com -o spec.yaml
# Replay captured calls to detect drift
apisniff replay example.com
# Export a safe, shareable summary
apisniff share example.com
Commands
| Command | Purpose | Docs |
|---|---|---|
probe |
Defense preflight: assess defenses, detect vendors, check rate limits | Reference → |
recon |
Capture + classify: CDP by default, proxy fallback, filter noise | Reference → |
analyze |
Offline analysis: import HAR, Burp XML, or JSONL captures | Reference → |
replay |
Replay captured calls and detect API drift | Reference → |
spec |
Generate OpenAPI 3.0.3 from captured traffic | Reference → |
share |
Export shareable summary (no raw traffic, no credentials) | Reference → |
Every command supports --help for full flag documentation. See the CLI spec for output format contracts and conventions.
Guides
- Getting started: install to API map in 5 minutes
- Workflow recipes: map an API, check for drift, compare defenses
- Capture formats: HAR, Burp XML, JSONL explained
Important Warnings
Only run apisniff against systems you own, administer, or have explicit permission to test. The tool is built for API discovery and debugging, but it sends real requests and can capture sensitive session data.
Your IP address is exposed
This tool sends real HTTP requests from your IP. Aggressive or repeated probing can get you rate-limited or blocked. apisniff probe rate fires rapid requests, so use it deliberately.
Results reflect your IP's reputation. Residential IPs see fewer challenges than datacenter/cloud IPs. Use --proxy to compare results from different vantage points.
Capture files contain sensitive data
recon and analyze capture full HTTP traffic including cookies, auth tokens, API keys, and form submissions. Raw bundles are stored locally with owner-only permissions and are never safe to share, commit, or upload.
Use apisniff share to create a safe export with only derived artifacts.
Recon capture modes
apisniff recon defaults to --mode cdp-launch. It launches Chrome with a dedicated user data directory and a DevTools port, then captures request/response data from Chrome's Network domain. The target sees Chrome's real TLS and HTTP/2 behavior, but JavaScript-level automation signals may still exist because Chrome is launched for automation.
--mode cdp-attach connects to an existing Chrome DevTools endpoint with --remote-url or --port.
CDP capture records API responses, response body size metadata, and WebSocket handshake/frame summaries when Chrome exposes those events.
--mode proxy starts a local HTTP/HTTPS MITM proxy with HTTP/2 support. For HTTPS capture, the client you route through the proxy must trust ~/.apisniff/ca-cert.pem. Treat that CA as sensitive local configuration: a trusted CA can decrypt HTTPS traffic from clients that trust it and send traffic through this proxy. The private key is stored at ~/.apisniff/ca-key.pem with owner-only permissions.
What recon can see
CDP modes only record traffic from the Chrome session apisniff launches or attaches to. Proxy mode only records traffic from clients explicitly configured to use the local proxy.
Other apps, other browser windows, background services, and normal device traffic are not routed through apisniff unless you configure them for the same capture mode. apisniff does not turn on device-wide network capture, install a VPN, or monitor traffic outside the chosen session.
Press Ctrl+C to end a proxy capture session. If you see a port-in-use error, another capture session is probably still running on that port.
What to do with the spec
# Generate a client library
openapi-generator generate -i spec.yaml -g python -o client/
# Import into Postman: File → Import → select spec.yaml
# Feed to an LLM
cat spec.yaml | llm "write a Python client for this API"
Development
git clone https://github.com/4LAU/apisniff.git
cd apisniff
go test ./...
go build -o apisniff ./cmd/apisniff
See CONTRIBUTING.md for the local development workflow and SECURITY.md for vulnerability reporting.
Build release binaries with -ldflags="-s -w" to keep binary size under the distribution target.
License
MIT
Project details
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file apisniff-0.1.3.tar.gz.
File metadata
- Download URL: apisniff-0.1.3.tar.gz
- Upload date:
- Size: 324.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5b8a2871fd4c60206512fa40e4bcf912bcdbdcebc09f378ee5d61fc45b4b34f0
|
|
| MD5 |
69e2d5b7c1ff6c5304d4f1a467c9efdb
|
|
| BLAKE2b-256 |
2904fea1c069c49f59b422a8287769f848ec59c559063e47241cd665f612aea2
|
File details
Details for the file apisniff-0.1.3-py3-none-any.whl.
File metadata
- Download URL: apisniff-0.1.3-py3-none-any.whl
- Upload date:
- Size: 69.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.10.2 {"installer":{"name":"uv","version":"0.10.2","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"macOS","version":null,"id":null,"libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":null}
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
7e094c69d680b02c0cc41426b86b97f5f89d42d872242b5ad449a91a2f6f5399
|
|
| MD5 |
d073a8b643e06b59874dd5d79366ad53
|
|
| BLAKE2b-256 |
fbd0d5ac2e9cb04de27cfbec1776b4db6077f541dd5294eac51a8e3613a34dcb
|