Demo Mode
Demo mode lets you explore everything NAT can do without connecting to a real API. NAT spins up a built-in example REST API, runs a complete security scan against it, and produces a full findings report, all in an isolated sandbox on your local machine.
Demo mode is completely safe. No external network requests are made. The example API contains intentional vulnerabilities for demonstration purposes only.
What demo mode demonstrates
Running nat demo walks you through:
- Endpoint discovery: NAT maps the example API's 20 endpoints automatically
- Authentication testing: NAT detects the auth scheme and probes for bypass flaws
- OWASP API Top 10 testing: injection, BOLA, broken auth, mass assignment, and more
- Risk scoring: each finding is scored and prioritized
- Report generation: a full HTML report with evidence and remediation guidance
Quick start
nat demo
That's it. NAT will:
- Start the built-in example API on a random local port
- Run a full security scan against it
- Open the results report in your browser
The entire demo completes in about 2 to 3 minutes.
Demo walkthrough
Install NAT
pip install nat-engine
Launch demo mode
nat demo
Watch the live output as NAT discovers endpoints and executes tests:
[NAT] Starting demo mode...
[NAT] Built-in example API started on http://127.0.0.1:49823
[NAT] Discovering endpoints...
[NAT] Discovered 20 endpoints across 4 resource groups
[NAT] Starting security analysis...
[CRITICAL] POST /api/v1/auth/login - Credential brute-force (no rate limiting)
[HIGH] GET /api/v1/users/{id} - Broken Object Level Authorization
[HIGH] POST /api/v1/products - Mass Assignment vulnerability
[MED] GET /api/v1/orders - Excessive Data Exposure
[LOW] GET /api/v1/status - Verbose server information disclosure
[NAT] Scan complete. 12 findings in 00:02:31
[NAT] Opening report in browser...
Review the report
The HTML report opens automatically and shows:
- Executive summary: finding counts by severity
- Endpoint map: visual overview of tested endpoints
- Finding detail: exact request/response evidence for each issue
- Remediation guidance: code-level fix suggestions
Explore CLI flags
Try these demo variations:
# Don't open browser, save report to file
nat demo --no-browser --output ./demo-report.html
# JSON output for scripting
nat demo --format json --output ./demo-results.json
# Verbose output: see every request NAT makes
nat demo --verbose
The built-in example API
The demo API is a realistic e-commerce REST API with intentional vulnerabilities:
| Endpoint | Vulnerability demonstrated |
|---|---|
| POST /api/v1/auth/login | Missing rate limiting / brute force |
| GET /api/v1/users/{id} | Broken Object Level Authorization (BOLA) |
| POST /api/v1/users | Mass Assignment: overpermissive field binding |
| GET /api/v1/orders | Excessive Data Exposure |
| GET /api/v1/products?search= | SQL-like injection in query parameter |
| PUT /api/v1/users/{id}/role | Broken Function Level Authorization |
| GET /api/v1/admin/users | Admin endpoint with weak auth check |
All findings in demo mode are pre-seeded. NAT's detections are deterministic, so you always see the same results.
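Because the demo results are deterministic, the console output can double as a smoke test that a NAT install still detects what it did before. The following is an added example, not part of NAT: it parses the finding-line format shown in the walkthrough output and reports drift between two runs. The function names and the idea of a stored baseline are assumptions, and the sample text is constructed from the lines on this page.

```python
import re
from collections import Counter

# Finding lines as printed in the walkthrough: "[SEV] METHOD /path <sep> title".
# The separator glyph is matched loosely because terminals render it differently.
FINDING_RE = re.compile(
    r"^\[(CRITICAL|HIGH|MED|LOW)\]\s+([A-Z]+)\s+(/\S*)\s+\S+\s+(.+?)\s*$"
)

# Constructed sample, copied from the walkthrough output on this page.
SAMPLE_OUTPUT = """\
[NAT] Starting security analysis...
[CRITICAL] POST /api/v1/auth/login - Credential brute-force (no rate limiting)
[HIGH] GET /api/v1/users/{id} - Broken Object Level Authorization
[HIGH] POST /api/v1/products - Mass Assignment vulnerability
[MED] GET /api/v1/orders - Excessive Data Exposure
[LOW] GET /api/v1/status - Verbose server information disclosure
[NAT] Scan complete. 12 findings in 00:02:31
"""

def parse_findings(output):
    """Return a list of (severity, method, path, title) tuples."""
    findings = []
    for line in output.splitlines():
        match = FINDING_RE.match(line.strip())
        if match:  # status lines such as "[NAT] ..." do not match and are skipped
            findings.append(match.groups())
    return findings

def severity_counts(findings):
    """Count findings per severity label."""
    return Counter(severity for severity, _, _, _ in findings)

def drift(baseline, current):
    """Return (missing, unexpected) findings relative to the baseline run.

    Severity is part of the key, so a re-scored finding appears in both lists.
    """
    base, cur = set(baseline), set(current)
    return sorted(base - cur), sorted(cur - base)

if __name__ == "__main__":
    found = parse_findings(SAMPLE_OUTPUT)
    print(dict(severity_counts(found)))
    print(drift(found, found))  # identical runs: no drift
```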
Demo vs. live scan
| Feature | Demo mode | Live scan |
|---|---|---|
| API to test | Built-in example | Your API |
| Network | Localhost only | External |
| Auth required | No | Optional |
| Findings | Pre-seeded | Real discoveries |
| Time to complete | ~2 to 3 min | 5 min to several hours |
| Safe to run | Always | Only on owned APIs |
Running demo via Docker
If you prefer not to install NAT locally, you can run the demo entirely inside a Docker container using the public image from Docker Hub:
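docker run --rm -p 8080:8080 natengine/nat:latest
This pulls the public natengine/nat:latest image from Docker Hub, starts the built-in example API inside the container, and runs the full demo scan, with no Python installation or repository clone required. Once the scan completes, the results are available at http://localhost:8080 in your browser. Docker publishes a port mapped as 8080:8080 on all host interfaces by default, so the report may be reachable from other machines on the network unless the mapping is bound to the loopback address.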
nat demo vs docker run
| | nat demo | docker run |
|---|---|---|
| Runtime | Local Python (pip install required) | Docker container (no Python install needed) |
| Setup | pip install nat-engine | Docker Desktop or Docker Engine |
| Report location | Opens in browser automatically | Available at http://localhost:8080 |
| Best for | Developers with Python already installed | Quick evaluation, CI environments, minimal host dependencies |
Use nat demo when you already have NAT installed and want the fastest path to a demo. Use docker run when you want zero local dependencies beyond Docker.
Next steps
- Demos hub: OrangeHRM live demo and other guided walkthroughs
- Your First Scan: scan your own API
- Installation: install options and requirements
- Security Scanning: understand what NAT tests for