SpecOps is a Burp Suite extension that ingests an OpenAPI or Swagger spec and instantly builds a workbench to test every documented endpoint.

• Import specs from file, URL, or paste
• Global parameter store with import or export, proxy auto fill, and value generation
• Auth profiles for API keys, Bearer or JWT, Basic, OAuth2
• Custom header rules with scopes and overwrite control
• Endpoints workbench with preview, bulk ping, Repeater or Intruder send
• Attack results with request and response viewers
• Multi server mode to hit every server defined in the spec

See the full Wiki Guide for screenshots and detailed usage.

• Burp Suite 2025.7+ (for Montoya API support).
• Java 17+.

1. Download the latest SpecOps-vX.Y.Z.jar from the Releases page.
2. In Burp Suite, go to the Extender → Extensions tab.
3. Click Add, select the downloaded SpecOps-vX.Y.Z.jar file, and ensure the extension type is set to Java.
4. A new SpecOps tab will appear in Burp's main window.

1. Clone the repository:

   git clone https://github.com/rawatprince/SpecOps.git
   cd SpecOps

2. Build the project using Gradle:

   ./gradlew clean test shadowJar

SpecOps turns static API specifications into a dynamic attack surface - removing the friction of manual request building and letting you focus on testing.
With its parameter store, auth handling, custom headers, and bulk testing features, SpecOps makes API pentesting faster, consistent, and far more powerful.

• Website: https://princerawat.com
• User's manual: SpecOps Wiki
• Screenshots: View Screenshots
• Releases: Download SpecOps
• Commits feed (RSS/Atom): SpecOps commits
• X (Twitter): @_princerawat
• LinkedIn: Prince Rawat

If you like SpecOps, please consider giving it a ⭐ on GitHub, it helps others discover the project!

Welcoming contributions from everyone:

• Open issues for bugs or feature requests
• Submit pull requests to improve the project
• Share ideas or suggestions