Is Escape worth it?

What middleBrick covers

  • Black-box scanning with under-one-minute results
  • 12 OWASP API Top 10 categories plus LLM adversarial probes
  • OpenAPI 3.0/3.1/Swagger 2.0 parsing with spec-to-runtime diff
  • Authenticated scanning with strict header allowlist
  • Risk scoring from A to F with prioritized findings
  • CI/CD integration via GitHub Action and MCP Server support

Scope and approach

Escape is a black-box API security scanner. You submit a URL and receive a risk score from A to F with prioritized findings. It uses only read-only methods (GET and HEAD), plus text-only POST requests for the LLM probes. No agents, SDKs, or code access are required, and the scanner works with any language, framework, or cloud. Scans typically complete in under one minute. The tool does not perform active exploitation such as SQL injection or command injection, and it does not attempt to fix, patch, block, or remediate issues.

Detection coverage and mapping

The scanner evaluates 12 categories aligned to the OWASP API Top 10 (2023): authentication bypass, JWT misconfigurations, BOLA and IDOR, privilege escalation, property authorization, input validation, rate limiting and resource consumption, data exposure, encryption issues, SSRF, inventory management, and unsafe consumption. It also includes 18 adversarial probes for LLM and AI security across three scan tiers (Quick, Standard, Deep), covering system prompt extraction, instruction override, jailbreaks, data exfiltration, and token smuggling. Findings are mapped to the OWASP API Top 10, and the tool parses OpenAPI 3.0, 3.1, and Swagger 2.0 with recursive $ref resolution so that spec definitions can be cross-referenced against runtime behavior.

Authenticated scanning and operational safety

Authenticated scanning is available from the Starter tier onward and supports Bearer, API key, Basic auth, and Cookie credentials. Domain verification is enforced via a DNS TXT record or an HTTP well-known file, so only the domain owner can scan with credentials. The scanner forwards only a restricted header allowlist: Authorization, X-API-Key, Cookie, and X-Custom-* headers. Safety measures include the use of read-only methods only; blocking of private IPs, localhost, and cloud metadata endpoints at multiple layers; and customer data that can be deleted on demand and is never sold or used for model training.

Product offerings and integrations

The Web Dashboard centralizes scans, reports, and score trends, and exports branded compliance PDFs. The CLI, distributed as the middlebrick npm package, supports commands such as middlebrick scan <url> with JSON or text output. A GitHub Action can gate CI/CD, failing the build when the score drops below a threshold. An MCP Server enables scanning from AI coding assistants such as Claude and Cursor. The API client supports custom integrations, and the Pro tier adds scheduled rescans, diff detection, email alerts, HMAC-SHA256 signed webhooks, and Slack or Teams notifications.

Limitations and realistic expectations

Escape does not detect business logic vulnerabilities, which require domain-specific human understanding. Blind SSRF is out of scope because the scanner has no out-of-band callback infrastructure. The tool does not send intrusive payloads such as active SQL injection or command injection. It surfaces findings and remediation guidance but does not patch, block, or remediate. For high-stakes audits, it does not replace a human pentester.

Frequently Asked Questions

Who is Escape worth it for?
It is worth it for teams that need frequent, automated API reconnaissance with a low integration barrier. It is less valuable for organizations that require deep business logic testing or formal compliance certification.

Does Escape map findings to compliance frameworks?
Yes, it maps findings directly to the OWASP API Top 10 (2023). It helps you prepare for aspects of SOC 2 Type II and PCI-DSS 4.0 by surfacing relevant findings, but it does not certify compliance.

How are authenticated scans secured?
Authenticated scans require domain verification and restrict the forwarded headers to an allowlist. Scan data is deletable on demand and purged within 30 days of cancellation, and customer data is never used for model training.

Can Escape replace a human pentester?
No. It does not detect business logic issues or blind SSRF, and it does not perform intrusive exploitation. It is a scoping and evidence-gathering aid, not a replacement for an expert security assessment.