Rentgen
Rentgen website: https://rentgen.io
Rentgen is an API testing tool that works like an X-ray: it exposes what's really happening inside your APIs.
but built for:
- Generate hundreds of tests - from one simple request
- WebSockets (WSS) - live bi-directional testing
- Protobuf payloads - load `.proto` schemas, encode requests, decode responses
- Raw testing freedom - send malformed or ugly payloads without restrictions
- Lightweight and no complex setup
Why Rentgen?
Focus on what to test, not how to test.
Rentgen lets you do all of this in a familiar Postman-like interface.
Key Features
- Data-Driven Testing - generate dozens of tests from a single request using smart datasets and field type detection (`string`, `number`, `email`, etc.)
- Security & Headers Audit - built-in OWASP checks for headers, methods, CORS, and authorization handling
- Performance Insights - median response time, ping latency, and load test with live `p50/p90/p95` metrics
- HTTP & WebSocket Support - send requests or connect to WSS endpoints, both JSON and Protobuf
- Protobuf Integration - import `.proto` schemas to encode requests and decode binary responses
- Randomized Payloads - `randomInt`, `random32`, and `randomEmail` for unique data in each request
- Load & Stress Testing - multi-threaded (up to 100 concurrent) requests with automatic abort on slowdowns
- Automatic Field Mapping - detects all body and query params with editable type selection
- Postman-like UI - instant usability, "Import cURL" support, and "Copy as cURL" for reproducibility
- CORS & SSL Controls - detect public vs private APIs, and optionally bypass SSL for staging servers
...and more. Built for QA engineers who need real testing, not just "sending requests."
Real-world API test example and results
I tested ChatGPT's backend API using RENTGEN - the exact same endpoint used by the web app:
Endpoint: https://chatgpt.com/backend-api/f/conversation/prepare
In less than a minute, RENTGEN automatically generated and executed 200+ API tests, including security, headers, and input validation checks.
Here's what was found:
1. CORS policy wide open - API accepts requests from any domain (no CORS restriction).
2. Missing security headers - no X-Frame-Options or Cache-Control.
3. OPTIONS method not supported - violates API interoperability rules.
4. Body size handling broken - server returns 500 instead of 413 Payload Too Large.
5. Authorization handling inconsistent - returns 403 instead of expected 401.
6. Input validation missing - incorrect field types still return 200 OK.
7. 404 handling correct - works as expected.
8. Performance solid - median 184 ms response time.
Read the full case study here: I tested ChatGPT's backend API using RENTGEN, and found more issues than expected
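The checks behind the findings listed above can be written as a small audit over captured responses. This is an added example, not Rentgen's own code; the `auditProbes` function, the probe names, `PROBE_ORIGIN`, and both sample captures are assumptions constructed for illustration.

```javascript
// Added example, not Rentgen's code. A probe is a captured { status, headers }
// pair; the probe names and PROBE_ORIGIN are this example's own assumptions.
const PROBE_ORIGIN = 'https://origin-probe.example'; // Origin sent with the baseline probe

// HTTP header names are case-insensitive, so normalise them before lookup.
function lowerKeys(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers || {})) out[name.toLowerCase()] = String(value);
  return out;
}

function auditProbes(probes) {
  const findings = [];
  const base = lowerKeys(probes.baseline.headers);
  // "*" or an echoed unrelated Origin both mean the CORS policy admits any origin.
  const acao = base['access-control-allow-origin'];
  if (acao === '*' || acao === PROBE_ORIGIN) findings.push('cors-any-origin');
  for (const name of ['x-frame-options', 'cache-control']) {
    if (!(name in base)) findings.push('missing-header:' + name);
  }
  // OPTIONS should answer 2xx and advertise the allowed methods.
  const optHeaders = lowerKeys(probes.options.headers);
  const advertised = 'allow' in optHeaders || 'access-control-allow-methods' in optHeaders;
  if (probes.options.status < 200 || probes.options.status > 299 || !advertised) {
    findings.push('options-unsupported');
  }
  // A body over the size limit should be refused with 413, not end in a 5xx.
  if (probes.oversized.status !== 413) findings.push('oversized-body:' + probes.oversized.status);
  // A request with no credentials should get 401; 403 is for an identified caller who is denied.
  if (probes.noAuth.status !== 401) findings.push('no-auth:' + probes.noAuth.status);
  // A wrong field type should be rejected with a 4xx rather than accepted.
  const wt = probes.wrongType.status;
  if (wt < 400 || wt > 499) findings.push('type-not-validated:' + wt);
  return findings;
}

// Constructed captures: one shaped like the results listed above, one hardened.
const probe = (status, headers = {}) => ({ status, headers });
const weakApi = {
  baseline: probe(200, { 'Access-Control-Allow-Origin': '*' }),
  options: probe(405), oversized: probe(500), noAuth: probe(403), wrongType: probe(200),
};
const hardenedApi = {
  baseline: probe(200, { 'access-control-allow-origin': 'https://app.example',
    'X-Frame-Options': 'DENY', 'Cache-Control': 'no-store' }),
  options: probe(204, { Allow: 'POST, OPTIONS' }),
  oversized: probe(413), noAuth: probe(401), wrongType: probe(422),
};
console.log(auditProbes(weakApi), auditProbes(hardenedApi));
```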
Installation
Dev mode
git clone https://github.com/LiudasJan/Rentgen.git
cd Rentgen
npm install
npm start
Building executables
You can package Rentgen into a standalone app (.exe for Windows, .dmg for macOS, .AppImage for Linux).
### If you want to package the app (bundle it for distribution)
npm run package
### If you want a ready-to-distribute installer
npm run make