Vulnsy
Back to Free Tools

Swagger Scoper

Swagger Scoper takes an OpenAPI 2.0 or 3.x specification and breaks down every endpoint by HTTP method, authentication scheme, and parameter type — giving you the rough size and shape of an API before scoping a pentest. Paste a URL or JSON and you get a per-method count (GET, POST, PUT, DELETE, PATCH), an exportable CSV of every endpoint, and a quick view of which routes are authenticated.

Authenticated URL fetches are supported via Bearer, API key, or Basic auth, so you can pull a spec from behind a login without having to save the JSON locally first.

Supports Swagger 2.0 and OpenAPI 3.0 JSON specifications

Results

Enter a Swagger/OpenAPI URL or paste JSON to analyze

Features

Method Analysis

Count and categorize all HTTP methods with percentages. Click to filter endpoints by method type.

Parameter Tracking

See total and required parameters per endpoint to estimate testing complexity.

Search & Export

Search endpoints by path and export results to CSV for reporting and documentation.