Metlo Config

Blog

GitHub

Discord

Contact Us

Metlo

Get Started

Sign In

Welcome to Metlo

Getting Started

Getting Started with Metlo Cloud

Metlo Self Hosted

Installing Metlo's CLI

Overview

Metlo Juice Shop

Metlo scans the API traffic of your Juice Shop app and provides an overview of all it's endpoints, the type of data they contain, detailed information for each request, and much more.

Endpoint Discovery

SQL Injection

Broken Object Level Authorization

Broken Authentication

Vulnerabilities

Protection

Node

Python

Java

AWS Traffic Mirroring

GCP Traffic Mirroring

Docker Compose

Kubernetes

AWS Fargate

Burp Suite Extension

After you connect your apps, Metlo scans your API traffic to give an overview of all your endpoints, the type of data they contain, whether they are authenticated or not and if they contain sensitive data. You can use endpoint discovery to find **every** API endpoint in your organization. This can guide your security program and can also surface endpoints that you didn't even know existed.

Sensitive Data

API Vulnerabilities

Authentication

Custom Sensitive Data

Uploading Open API Specs

Writing a Test

Advanced Tests

Test Templates

Test Rules

Global Test Environment

Making a Testing Config

Generating Auth Tests

Custom Templates

Typescript Templates

Example Templates

Alerts

Webhooks

Attack Detection

Attack Context

Adding email connectivity to Self hosted Metlo for notifications and password resets

Disabling Select Fields

Authentication

Custom Sensitive Data

Global Test Environment