Press Release

BLST Security – Firecracker

Use your HTTP logs, map your API, review, attack it and find anomalies.

Firecracker* is the first version of BLST Security’s open-sourced CLI.

Tel Aviv, Israel: BLST Security announced Firecracker, a new CLI tool that protects organizations from logical flaws, it provides an intelligent attacker that simulates business flows in your API.

This CLI tool provides a detailed analysis of existing attack surfaces, vulnerable flows, simplifies, and visualizes the architecture of the API.

Guy Levinger, BLST Security’s CTO says “Firecracker is the only open-source solution currently in the market trying to solve the broken API logic problem” and concluded that “this is the new generation of cyber security attacks and defense mechanisms, this tool is just the tip of the iceberg, we (BLST Security) plan to spearhead the worldwide progress exploring this new attack surface”.

Features and benefits of Firecracker include:

  • API logic flow visibility
  • User behavior anomaly detection
  • Easy installation and integration into current environments
  • Intuitive interface

Firecracker is available for download at (the installable binary version).

You can also access the code and build it yourself using GitHub by following this link:, visit for more information.

About BLST Security: BLST is a young startup company that is developing new security tools dedicated to solving the API security problem where the main focus at this time is finding broken logic in the API and mapping it, with an easy-to-use & integrate platform, ultimately leading to our directive – Know your logic. Stay Secure.

*The name Firecracker was changed to Cherrybomb – 31/01/2022
Secure your API

Validate your OAS file online

Start Scanning

OpenAPI scanner

.json or .yaml file

+ Drag & Dropupto 4MB
Powered by BLST
Additional interesting read
API penetration testing checklist
API penetration testing checklist

API penetration testing checklist is important because it helps ensure that all aspects of a web application are tested for security vulnerabilities.

Coinbase API vulnerability bug
Coinbase API vulnerability bug

Crypto exchange Coinbase API Broken object level authorization vulnerability lead to an extremely high bug bounty payout of $250,000USD