Skip to content
@Escape-Technologies

Escape - API discovery & security platform

Built to help security teams manage their API Inventory and fix API vulnerabilities. In minutes. With no traffic monitoring.

👋 Welcome to our repo

Escape

Escape


Our Website   •   API Security Blog   •   API Security Academy   •   Case Studies   •   Docs

👋 Hello again

Escape is the API discovery and security platform built to help Application Security engineers.

View exposed API endpoints and sensitive data in minutes, continuously test as APIs evolve, prioritize business-critical vulnerabilities, and fix them efficiently with actionable remediation code snippets. No traffic monitoring, agents, or complex integrations required.

Yes, we're here to help you prioritize and win the respect of your development team 😉

🤝 Join our team

We believe it’s time to bring more AI-driven innovation to cybersecurity, and we'd love your help in building this dream! Want to join our adventure? Check out our Careers page!

🧙 Open source repos

At Escape, in addition to our work on API security, we've also been developing some fantastic open-source projects. Let us introduce you to all of them 🚀

  • API Security Academy, an interactive platform dedicated to helping you learn how to secure #graphql applications.

  • Goctopus, a GraphQL endpoint discovery and fingerprinting tool.

  • GraphQL wordlist, the only GraphQL wordlist for #pentesting you'll ever need. Operations, field names, type names... It was collected on more than 60k distinct GraphQL schemas.

  • GraphQL Armor, a middleware for Apollo GraphQL Server that adds a security layer to any GraphQL endpoint in minutes. It's also compatible with The Guild Software's Envelop universal plugin system.

  • GraphMan, a tool that helps you to scaffold a Postman collection for a GraphQL API. Compatible with Postman & Insomnia from Kong Inc.

  • Graphinder, a lightweight and blazing-fast GraphQL endpoint finder, making penetration testing on GraphQL much faster

  • Mookme, a git hook manager, designed monorepos for dealing with different projects and languages, automated filtering, and ease of configuration and setup.

  • PyMultiAuth, an open-source Python library that allows users to authenticate and reauthenticate automatically.

👀 Upcoming events & Resources

👋 Stay in touch

Pinned Loading

  1. graphql-armor graphql-armor Public

    🛡️ The missing GraphQL security security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️

    TypeScript 500 30

  2. graphql-wordlist graphql-wordlist Public

    The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.

    TypeScript 329 34

  3. awesome-graphql-security awesome-graphql-security Public

    A curated list of awesome GraphQL Security frameworks, libraries, software and resources

    299 22

  4. graphman graphman Public

    Quikly scaffold a postman collection for a GraphQL API. Compatible with Postman & Insomnia.

    TypeScript 241 12

  5. mookme mookme Public

    A pre-commit tool designed for monorepos.

    TypeScript 102 13

  6. goctopus goctopus Public

    Blazing fast GraphQL discovery & fingerprinting toolbox.

    Go 101 9

Repositories

Showing 10 of 35 repositories
  • cloudfinder Public

    Detect the cloud / hosting provider of a given host. Fast, static & offline

    Escape-Technologies/cloudfinder’s past year of commit activity
    Go 5 MIT 1 0 0 Updated Nov 17, 2024
  • graphql-armor Public

    🛡️ The missing GraphQL security security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️

    Escape-Technologies/graphql-armor’s past year of commit activity
    TypeScript 500 MIT 30 2 20 Updated Nov 16, 2024
  • docs Public

    docs.escape.tech

    Escape-Technologies/docs’s past year of commit activity
    JavaScript 4 MIT 4 0 1 Updated Nov 16, 2024
  • repeater Public

    A proxy client to scan internal APIs with Escape

    Escape-Technologies/repeater’s past year of commit activity
    Go 1 Apache-2.0 2 0 1 Updated Nov 7, 2024
  • action Public
    Escape-Technologies/action’s past year of commit activity
    Dockerfile 3 MIT 1 0 0 Updated Nov 4, 2024
  • graphql-security-academy Public

    🔒 A free, open-source platform dedicated to understand and secure GraphQL applications — all directly in your browser!

    Escape-Technologies/graphql-security-academy’s past year of commit activity
    Svelte 52 AGPL-3.0 2 0 0 Updated Oct 30, 2024
  • juice-shop Public Forked from juice-shop/juice-shop

    OWASP Juice Shop: Probably the most modern and sophisticated insecure web application

    Escape-Technologies/juice-shop’s past year of commit activity
    TypeScript 0 MIT 11,021 0 0 Updated Oct 13, 2024
  • API-Threat-Matrix Public

    A comprehensive knowledge base for security professionals to keep track of and build defenses against API attack techniques.

    Escape-Technologies/API-Threat-Matrix’s past year of commit activity
    40 MIT 3 0 0 Updated Sep 12, 2024
  • Escape-Technologies/escape-api-client’s past year of commit activity
    Go 0 Apache-2.0 0 0 0 Updated Sep 12, 2024
  • graphman Public

    Quikly scaffold a postman collection for a GraphQL API. Compatible with Postman & Insomnia.

    Escape-Technologies/graphman’s past year of commit activity
    TypeScript 241 MIT 12 7 (3 issues need help) 0 Updated Aug 26, 2024