Is 42Crunch good for new endpoint auto-discovery scans?
What middleBrick covers
- Black-box scanning with no agents or SDK dependencies
- Read-only methods to safely explore API surfaces
- OpenAPI 3.0/3.1 and Swagger 2.0 parsing with $ref resolution
- Detection of IDOR, privilege escalation, and data exposure indicators
- Authenticated scanning with header allowlist controls
- Mapped findings for PCI-DSS, SOC 2, and OWASP API Top 10
Scope and approach to endpoint discovery
New endpoint auto-discovery requires a scanner that can explore an API surface without prior knowledge of routes. middleBrick is a black-box scanner that submits requests and observes responses to infer additional paths. It does not rely on internal code or architecture, making it applicable when only a URL is available.
How discovery works within middleBrick
The scanner uses read-only methods (GET and HEAD) plus text-only POST for LLM probes to enumerate potential endpoints. Common patterns such as path traversal, ID sequencing, and parameter permutations are tested while staying within safe, non-intrusive behaviors. OpenAPI specifications are parsed when provided, with recursive $ref resolution to compare defined operations against observed responses.
During scans, the tool cross-references spec definitions with runtime findings to highlight undefined security schemes, deprecated operations, and missing pagination. This helps surface inconsistencies between documented and actual behavior, which is valuable when assessing how well discovery aligns with the real API surface.
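As an added illustration of the spec-side cross-check just described (example code, not middleBrick's), the following Python resolves local $ref pointers recursively and flags operations with missing or undefined security schemes, deprecated operations, and list endpoints that expose no pagination parameter. SAMPLE_SPEC and the pagination parameter names are constructed assumptions.

```python
PAGINATION = {"limit", "offset", "page", "cursor", "page_size"}  # assumed pagination parameter names
METHODS = {"get", "put", "post", "delete", "patch", "head", "options"}
SAMPLE_SPEC = {  # constructed sample document for this added example (not middleBrick's code)
    "openapi": "3.1.0",
    "components": {
        "securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}},
        "schemas": {"User": {"type": "object", "properties": {"id": {"type": "integer"}}},
                    "UserList": {"type": "array", "items": {"$ref": "#/components/schemas/User"}}}},
    "paths": {
        "/users": {"get": {"responses": {"200": {"content": {"application/json": {
            "schema": {"$ref": "#/components/schemas/UserList"}}}}}}},
        "/users/{id}": {
            "get": {"security": [{"bearerAuth": []}], "responses": {"200": {}}},
            "delete": {"deprecated": True, "security": [{"legacyKey": []}], "responses": {"204": {}}}},
    },
}

def resolve(spec, node, seen=()):
    """Recursively inline local JSON-pointer $refs (#/a/b); a cyclic $ref is left in place."""
    if isinstance(node, dict):
        ref = node.get("$ref")
        if isinstance(ref, str) and ref.startswith("#/") and ref not in seen:
            target = spec
            for part in ref[2:].split("/"):
                target = target[part]
            return resolve(spec, target, seen + (ref,))
        return {k: resolve(spec, v, seen) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve(spec, v, seen) for v in node]
    return node

def audit_spec(spec):
    """Return (path, method, finding) tuples: missing/undefined security, deprecated ops, unpaginated lists."""
    findings, schemes = [], set(spec.get("components", {}).get("securitySchemes", {}))
    for path, item in spec.get("paths", {}).items():
        item = resolve(spec, item)
        for method, op in ((m, o) for m, o in item.items() if m in METHODS):
            security = op.get("security", spec.get("security"))  # operation-level overrides global
            if not security:
                findings.append((path, method, "no security requirement"))
            for name in (n for req in security or [] for n in req if n not in schemes):
                findings.append((path, method, f"undefined security scheme: {name}"))
            if op.get("deprecated"):
                findings.append((path, method, "deprecated operation"))
            names = {p.get("name") for p in item.get("parameters", []) + op.get("parameters", [])}
            schema = (op.get("responses", {}).get("200", {}).get("content", {})
                      .get("application/json", {}).get("schema", {}))
            if method == "get" and schema.get("type") == "array" and not names & PAGINATION:
                findings.append((path, method, "list endpoint without pagination"))
    return findings
```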
Detection coverage relevant to discovery
While not designed to find business logic flaws, the scanner covers categories that commonly hide additional endpoints. Detection includes BOLA / IDOR indicators such as sequential ID enumeration and active adjacent-ID probing, as well as BFLA / Privilege Escalation signals like admin endpoint probing and role/permission field leakage. Input Validation checks include CORS wildcard usage and dangerous HTTP methods, which can reveal overlooked or misconfigured routes.
Property Authorization findings highlight over-exposed fields and internal data leakage that may indicate supplementary query paths. Rate Limiting and Resource Consumption checks identify rate-limit headers and oversized responses, which can point to hidden or unlisted endpoints. Data Exposure detection surfaces PII patterns and API key formats that clarify what data moves through discovered paths.
Limitations and complementary approaches
middleBrick does not perform active SQL injection or command injection, as those require intrusive payloads outside its scope. It does not detect blind SSRF, since confirming it requires out-of-band infrastructure that the scanner does not operate, and it does not identify business logic vulnerabilities, which demand domain-specific human analysis.
The tool does not replace a human pentester for high-stakes audits, nor does it fix, patch, block, or remediate findings. It supplies prioritized findings with remediation guidance, enabling teams to decide how to harden discovery paths and reduce unintended exposure.
Authentication, scope controls, and compliance mapping
Authenticated scanning supports Bearer, API key, Basic auth, and Cookie methods, with domain verification to ensure only domain owners can scan with credentials. The header allowlist is restricted to Authorization, X-API-Key, Cookie, and X-Custom-* headers to limit request manipulation during discovery.
middleBrick maps findings to PCI-DSS 4.0, SOC 2 Type II, and OWASP API Top 10 (2023), providing structured evidence for these frameworks. For other regulations, the scanner aligns with security controls described in relevant standards and supports audit evidence collection without claiming certification or compliance guarantees.