Scriptable is an API security testing framework designed for speed, modularity, and AI-assisted automation. It transforms API attack vectors into repeatable, automated workflows.
- Modular Architecture: Run generic security templates or author custom test logic.
- AI-Ready: Designed to turn high-level attack ideas into functional test code.
- Deep Integration:
- Import OpenAPI/Swagger documentation (
openapi.json). - Import request history from Caido exports.
- Import OpenAPI/Swagger documentation (
- CLI-First: Manage projects, documentation, and scans directly from your terminal.
Clone the repository and install the package in editable mode:
git clone [https://github.com/0xRahim/scriptable](https://github.com/0xRahim/scriptable)
cd scriptable/scriptable-codelib
pip install -e .Create a new Scriptable project interactively:
scriptable new my-api-project
cd my-api-projectYou can import targets from your existing documentation or proxy history:
From OpenAPI Specification:
scriptable import openapi ../openapi.jsonFrom Caido Export (Filtered by Host):
scriptable import caido ../caido_export.json --host registry.npmjs.orgView a summary of your imported endpoints or launch the test suite:
# View documentation summary
scriptable docs .
# Execute all active templates
scriptable run .Scriptable aims to bridge the gap between manual pentesting and automated scanning. By utilizing generic templates for common issues and providing a platform for custom code, it allows researchers to rapidly scale API security audits.
| Task | Command |
|---|---|
| New Project | scriptable new <name> |
| Import Docs | scriptable import openapi <path> |
| Import Proxy | scriptable import caido <path> --host <host> |
| Audit Docs | scriptable docs . |
| Run Scan | scriptable run . |