Shadow API Discovery

Scan and map your entire server route schema statically without routing production traffic.

Undocumented, forgotten, or "shadow" API routes are one of the most common vectors for database exploits. RaksHex scans your source code directories to build a complete endpoint registry.

Supported Frameworks

The static analysis engine extracts routing trees from:

FastAPI / Starlette: Python
Express.js / Koa: Node.js
Spring Boot: Java
Django / Flask: Python

How to Run Route Extraction

Use the CLI to perform a static scan on your backend repository:

npx RaksHex discover ./backend-src --framework fastapi

The output will list all discovered endpoints, auth status, and compare them against your allowlisted documentation endpoints.

← Back to overview Try RaksHex Free