exploiting-excessive-data-exposure-in-api
Community: Find sensitive data leaked by APIs
Software Engineering #owasp #graphql #api-security #mitmproxy #penetration-testing #data-exposure #pii-detection
Author: Acczdy
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
Detects and helps remediate excessive data exposure: cases where an API returns more fields than the client needs, leaking PII, internal identifiers, debug information, or other sensitive business data that should remain server-side.
Core Features & Use Cases
- Field enumeration: Recursively discovers all fields in JSON responses and counts total surface area returned by endpoints.
- PII and pattern detection: Uses regex-based detection for emails, SSNs, credit cards, tokens, IPs, and other common sensitive data patterns.
- Schema comparison & GraphQL analysis: Compares responses to OpenAPI specs and performs GraphQL introspection to identify over-fetchable fields.
- Use Case: Ideal for penetration tests of mobile banking or multi-client APIs where the frontend displays a subset of data but the API may expose sensitive fields.
Quick Start
Run the included agent.py against a target API URL with a valid Bearer token to produce a JSON report of the exposed fields and PII matches found in the responses.
Dependency Matrix
Required Modules
requests
Components
scripts, references
Claude Code Installation
Recommended: let Claude install automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill. Name: exploiting-excessive-data-exposure-in-api. Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#exploiting-excessive-data-exposure-in-api. Please download this .zip file, extract it, and install it in the .claude/skills/ directory.