From 7c1326ffb62b7cb13e7a0562bc4de9409ddbc5e8 Mon Sep 17 00:00:00 2001 From: Shridhar Sukhani Date: Tue, 15 Nov 2022 23:18:10 -0800 Subject: [PATCH 1/5] Add Metlo to the Tools section --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 154bc41..2c082cf 100644 --- a/README.md +++ b/README.md @@ -278,6 +278,7 @@ Name | Author | Description | | [fuzzapi](https://github.com/Fuzzapi/fuzzapi)| Fuzzapi is a tool used for REST API pentesting anTnT-Fuzzerd uses API_Fuzzer gem. | | [gotestwaf](https://github.com/wallarm/gotestwaf) | An open-source project in Golang to test different web application firewalls (WAF) for detection logic and bypasses | | [kiterunner](https://github.com/assetnote/kiterunner) | Contextual Content Discovery Tool. | +| [Metlo](https://github.com/metlo-labs/metlo) | [Open-source API security tool](https://metlo.com) to discover, inventory, test, and protect your APIs. | | [mitmproxy2swagger](https://github.com/alufers/mitmproxy2swagger) | Automagically reverse-engineer REST APIs via capturing traffic | | [RESTler](https://github.com/microsoft/restler-fuzzer) | RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services. | | [Swagger-EZ](https://github.com/RhinoSecurityLabs/Swagger-EZ)| A tool geared towards pentesting APIs using OpenAPI definitions. | From c2a5e09d8867aa56b9b54294b81c533dceccd5d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20Wi=C3=9Fm=C3=BCller?= <113339114+sebastianwis@users.noreply.github.com> Date: Mon, 28 Nov 2022 10:18:21 +0100 Subject: [PATCH 2/5] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2c082cf..ce7a1f0 100644 --- a/README.md +++ b/README.md 
@@ -294,6 +294,7 @@ Name | Author | Description | | [SoapUI](https://github.com/SmartBear/soapui) | SoapUI is a free and open-source cross-platform functional testing solution for APIs and web services. | | [dredd](https://github.com/apiaryio/dredd)| Language-agnostic HTTP API Testing Tool | | [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin | +| [Step CI](https://github.com/stepci/stepci) | Open-source framework for API Quality Assurance, which tests REST, GraphQL and gRPC automated and from Open API spec. | ## Training, Workshops, Labs | Author | Name | Description | From 95a06e358cab63cfc1e6fd9bb907c263efd3e347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Rainho?= Date: Thu, 22 Dec 2022 12:23:41 +0000 Subject: [PATCH 3/5] Update README.md --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index ce7a1f0..9788896 100644 --- a/README.md +++ b/README.md @@ -320,7 +320,9 @@ Name | Author | Description | 2. Other content vendor-specific, ads, commercial, restricted, free trial, freemium, closed-source (proprietary software), products or services provided in exchange for private user details are considered out of scope pull requests. -3. Duplicated content or entries that do not provide additional or relevant content compared with existing entries may also not be considered. +3. Content or materials not directly related to API security, hunting bugs in APIs, hardening or hacking APIs may also be discarded. + +4. Duplicated content or entries that do not provide additional or relevant content compared with existing entries may also not be considered. 5. Out of scope pull requests will be probably discarded, closed or ignored without notice. From 1103a938b5e9d2eb6b5ad501df564dcd0c6378b2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andr=C3=A9=20Rainho?= Date: Sat, 7 Jan 2023 12:53:03 +0000 Subject: [PATCH 4/5] new tool on 'others' section - add gau tool --- README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 9788896..de82fc6 100644 --- a/README.md +++ b/README.md @@ -291,10 +291,11 @@ Name | Author | Description | | [wsdl-wizard](https://github.com/portswigger/wsdl-wizard)| WSDL Wizard is a Burp Suite plugin written in Python to detect current and discover new WSDL (Web Service Definition Language) files. | | | | | **Others**| -| [SoapUI](https://github.com/SmartBear/soapui) | SoapUI is a free and open-source cross-platform functional testing solution for APIs and web services. | | [dredd](https://github.com/apiaryio/dredd)| Language-agnostic HTTP API Testing Tool | -| [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin | +| [getallurls (gau)](https://github.com/lc/gau) | Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl. | +| [SoapUI](https://github.com/SmartBear/soapui) | SoapUI is a free and open-source cross-platform functional testing solution for APIs and web services. | | [Step CI](https://github.com/stepci/stepci) | Open-source framework for API Quality Assurance, which tests REST, GraphQL and gRPC automated and from Open API spec. | +| [unfurl](https://github.com/tomnomnom/unfurl) | Pull out bits of URLs provided on stdin | ## Training, Workshops, Labs | Author | Name | Description | From 2830eb1118e7435f5240e341cb3efcb2a803ce8a Mon Sep 17 00:00:00 2001 From: Karel Husa Date: Thu, 24 Nov 2022 17:26:20 +0100 Subject: [PATCH 5/5] Added BankGround API to the Training, workshops and labs section. BankGround API is easily understandable API to learn API principles and its usage. Provides both REST and GraphQL API. --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index de82fc6..19791ba 100644 
--- a/README.md +++ b/README.md @@ -303,6 +303,7 @@ Name | Author | Description | | Pentester Academy | [API security, REST Labs](https://attackdefense.pentesteracademy.com/listing?labtype=rest&subtype=rest-api-security) | Pentester Academy - attack & defense | | Corey Ball | [API Security University](https://university.apisec.ai) | APIsec University provides training courses for application security professionals | | Grant Ongers | [API top 10 walkthrough](https://securedelivery.io/articles/api-top-ten-walkthrough/) | OWASP API Top 10 CTF Walk-through. | +| Karel Husa | [BankGround API](https://apimate.eu/bankground.html) | Banking-like REST and GraphQL API for training/learning purposes. | | Hacker101 | [GraphQL challenges](https://www.hackerone.com/ethical-hacker/graphql-week-hacker101-capture-flag-challenges) | GraphQL Week on The Hacker101 Capture the Flag Challenges | | OWASP-SKF | [GraphQL Labs](https://demo.securityknowledgeframework.org/labs/view) | GraphQL Labs on the OWASP Security Knowledge Framework | | Corey Ball | [Hacking APIs](https://sway.office.com/HVrL2AXUlWGNDHqy) | Hacking APIs: workshop |
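Review bot: In PATCH 1/5, the added Metlo row links its description text to the vendor site (`[Open-source API security tool](https://metlo.com)`), while every neighbouring row (fuzzapi, gotestwaf, kiterunner, mitmproxy2swagger, RESTler) links only the project repository in the Name column and keeps the description as plain text; for consistency, and to stay clear of the "vendor-specific, ads, commercial" exclusion in the contribution rules, drop the second link and keep `| [Metlo](https://github.com/metlo-labs/metlo) | Open-source API security tool to discover, inventory, test, and protect your APIs. |`. Alphabetical placement between kiterunner and mitmproxy2swagger is correct. Unrelated to this change, the fuzzapi context line above it reads "pentesting anTnT-Fuzzerd uses API_Fuzzer gem", which looks like a mangled row and is worth fixing in a follow-up.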
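Review bot: In PATCH 2/5, the Step CI description "which tests REST, GraphQL and gRPC automated and from Open API spec" is ungrammatical and "Open API" is not the spec's name; suggest "Open-source framework for API quality assurance that runs automated tests against REST, GraphQL and gRPC APIs, including tests generated from an OpenAPI spec." The row is also appended at the end of the Others block rather than in sorted position (it lands after unfurl), and the subject line "Update README.md" says nothing about the change; a subject such as "Add Step CI to the Others tools section" would make the history searchable.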
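Review bot: In PATCH 4/5, the diff does more than the subject "add gau tool" states: it also moves the SoapUI and unfurl rows so the Others block is sorted case-insensitively (dredd, getallurls (gau), SoapUI, Step CI, unfurl), which is why the stat line shows 3 insertions and 2 deletions for a single new entry. The reorder is a good change, but it should be named in the subject or body ("add gau; sort Others section alphabetically") so a reader of the history does not assume SoapUI or unfurl were edited. The gau description accurately names its three sources (AlienVault OTX, the Wayback Machine, Common Crawl) and needs no change.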
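Review bot: In PATCH 5/5, the BankGround API row links to a product page (`https://apimate.eu/bankground.html`) rather than a repository or lab environment, and the author of the commit is the Author listed in the row; the contribution rules in this same series (item 2 in PATCH 3/5) exclude vendor-specific, restricted, freemium and closed-source entries, so the PR body should state whether the API is freely usable without registration and, if it is open source, link the source instead. Placement is correct: the Training table is sorted by the Name column and "BankGround API" falls between "API top 10 walkthrough" and "GraphQL challenges". The description could also say what the labs cover beyond "training/learning purposes", since the neighbouring rows each state a concrete focus (REST labs, OWASP API Top 10, GraphQL).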