Metlo is an open source API security tool you can setup in < 15 minutes
that inventories your endpoints, detects bad actors and blocks malicious traffic
in real time.
With Metlo you can:
Detect API attacks in real time.
Automatically block malicious actors.
Create an Inventory of all your API Endpoints and Sensitive Data.
Proactively test your APIs before they go into production.
Endpoint Discovery - Metlo scans network traffic and creates an inventory
of every single endpoint in your API.
Sensitive Data Scannning - Each endpoint is scanned for PII data and
given a risk score.
Vulnerability Discovery - Get Alerts for issues like unauthenticated
endpoints returning sensitive data, No HSTS headers, PII data in URL params,
Open API Spec Diffs and more
API Security Testing - Build security tests directly in Metlo with a
simple HTTP Request editor and javascript assertions.
CI/CD Integration - Integrate with your CI/CD to find issues in
development and staging.
Attack Detection - Our ML Algorithms build a model for baseline API
behavior. Any deviation from this baseline is surfaced to your security team
as soon as possible.
Attack Context - Metlo’s UI gives you full context around any attack to
help quickly fix the vulnerability.
This repo is entirely MIT licensed. Features like user management, user roles
and attack protection require an enterprise license.
Contact us for more information.