Application API Specification Harvesting

Info

ID: AT-RE001
Tactic: Reconnaissance
Sub-techniques: API Documentation Analysis, Fuzzing API Endpoints, Schema Extraction, Traffic Sniffing
Platforms: PRE

Adversaries may collect and analyze detailed API documentation, including OpenAPI/Swagger files or GraphQL schemas, to map out function calls, parameters, and authentication flows. In addition, they can probe hidden endpoints and fuzz parameters to discover unexpected functionality or unprotected routes. By enumerating all available methods and expected request/response patterns, attackers can identify potential logic flaws, injection points, or misconfigurations ripe for exploitation.

Many modern cloud applications expose multiple APIs - some intended for internal microservices, others for third-party integrations - providing a broad surface area for adversaries. By thoroughly understanding these interfaces, attackers can craft highly tailored requests that bypass normal checks, impersonate trusted services, or pivot into deeper parts of the system. API specification harvesting is therefore critical reconnaissance for shaping an intrusion strategy that exploits the application's own communication flows.