Summary

  • The API endpoint discovery process can be automated with the Kiterunner tool, which uses OpenAPI specifications to fuzz API endpoints and identify undocumented routes.
  • Kiterunner is an advanced content discovery tool that helps reveal hidden API endpoints, which can be valuable attack surface for bug bounty hunters.
  • The tool is useful for reconnaissance on both REST and GraphQL APIs, and scan speed can be increased by using concurrent requests.
  • The scan results list the discovered API paths together with their response codes and response sizes; during a scan it is possible to test different HTTP methods and specify alternative base paths.
  • The scan results can be exported to a file for further analysis or passed to other tools such as Burp Suite for deeper analysis.
  • To use Kiterunner, install Go, obtain an API wordlist, and verify that the tool is installed correctly before running a brute-force scan against the target API, supplying authentication headers if required.
  • The results can then be analysed to identify sensitive data or functions for further investigation.

By Spectat0rguy
