So here's the thing. I was working on an API the other day — just a small internal tool — and I realized I had no idea if it had rate limiting or not. Like, at all.

I sent 200 requests in a loop with a bash script (don't judge me) and... nothing. No 429, no blocking, just happy 200s. My little API was basically begging to get brute-forced.

That's when I thought: there has to be a better way than writing a janky script every single time. So I built API Security Auditor Pro.

What does it actually do?

It's just a CLI tool. Nothing fancy. You give it a URL, it does three things:

- Tests for rate limiting — sends a bunch of requests and checks if you ever get a 429. If not? That's a red flag.
- Checks security headers — you know, HSTS, CSP, all those things we forget to add.
- Looks for weird stuff — like APIs returning way too much data or missing auth checks.

Nothing revolutionary. Just the boring stuff that actually matters.

Here's why I like it

It's fast. Like, really fast. No heavy setup, no cloud nonsense.…
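The first two checks described above (a request burst that looks for a 429, and a look at HSTS and CSP) can be sketched as follows. This is an added example, not code from API Security Auditor Pro; the function names, the burst size and the loopback test server are assumptions made for illustration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

REQUIRED_HEADERS = ("Strict-Transport-Security", "Content-Security-Policy")
# Ignore proxy environment variables so the demo really talks to 127.0.0.1.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def probe(url, burst=20):
    """Send `burst` sequential GETs; return (status codes, headers of the last response)."""
    statuses, headers = [], {}
    for _ in range(burst):
        try:
            with OPENER.open(url, timeout=5) as resp:
                status, headers = resp.status, resp.headers
        except urllib.error.HTTPError as err:  # urllib raises on 4xx/5xx, including 429
            status, headers = err.code, err.headers
        statuses.append(status)
    return statuses, headers

def audit(statuses, headers):
    """Turn raw probe results into findings; an empty list means both checks passed."""
    findings = []
    if 429 not in statuses:
        findings.append(f"no 429 in {len(statuses)} requests")
    findings += [f"missing header: {h}" for h in REQUIRED_HEADERS if headers.get(h) is None]
    return findings

def start_local_api(limit=None):
    """Constructed loopback target: `limit` requests allowed, then 429; None = unprotected."""
    seen = {"n": 0}
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            seen["n"] += 1
            self.send_response(429 if limit is not None and seen["n"] > limit else 200)
            if limit is not None:  # the hardened variant also sets the two headers
                self.send_header("Strict-Transport-Security", "max-age=31536000")
                self.send_header("Content-Security-Policy", "default-src 'none'")
            self.send_header("Content-Length", "0")
            self.end_headers()
        log_message = lambda self, *args: None  # keep the demo output quiet
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_port}/"

if __name__ == "__main__":
    for limit in (None, 5):
        server, url = start_local_api(limit)
        print(f"limit={limit}:", audit(*probe(url)) or "ok")
```

Run as a script, it audits the unprotected and the rate-limited local server in turn; point `probe` only at APIs you own or are authorized to test.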