Open source tool for authorization / access-control scanning

I have just published an NPM package which uses a chrome headless browser to login as a user and crawl a site, it intercepts resources like API requests and then tries to access those resources while logged in under a different user account (or as unauthenticated). Any feedback or comments on this tool would be appreciated, thanks.

1 Like