Demo Mode

Demo mode lets you explore everything NAT can do — without connecting to a real API. NAT spins up a built-in example REST API, runs a complete security scan against it, and produces a full findings report, all in an isolated sandbox on your local machine.

Demo mode is completely safe. No external network requests are made. The example API contains intentional vulnerabilities for demonstration purposes only.

What demo mode demonstrates

Running nat demo walks you through:

  • Endpoint discovery — NAT maps the example API's 20 endpoints automatically
  • Authentication testing — NAT detects the auth scheme and probes for bypass flaws
  • OWASP API Top 10 testing — injection, BOLA, broken auth, mass assignment, and more
  • Risk scoring — each finding is scored and prioritized
  • Report generation — a full HTML report with evidence and remediation guidance

Quick start

nat demo

That's it. NAT will:

  1. Start the built-in example API on a random local port
  2. Run a full security scan against it
  3. Open the results report in your browser

The entire demo completes in about 2–3 minutes.

Demo walkthrough

Install NAT

pip install nat-engine

Launch demo mode

nat demo

Watch the live output as NAT discovers endpoints and executes tests:

[NAT] Starting demo mode...
[NAT] Built-in example API started on http://127.0.0.1:49823
[NAT] Discovering endpoints...
[NAT] Discovered 20 endpoints across 4 resource groups
[NAT] Starting security analysis...
[CRITICAL] POST /api/v1/auth/login — Credential brute-force (no rate limiting)
[HIGH]     GET  /api/v1/users/{id} — Broken Object Level Authorization
[HIGH]     POST /api/v1/products — Mass Assignment vulnerability
[MED]      GET  /api/v1/orders — Excessive Data Exposure
[LOW]      GET  /api/v1/status — Verbose server information disclosure
[NAT] Scan complete. 12 findings in 00:02:31
[NAT] Opening report in browser...
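The console lines above are easy to post-process. As an added example (not part of nat-engine or this page), the script below parses that output into structured findings, tallies them by severity the way the report's executive summary does, and exposes a simple severity gate; the line layout `[SEVERITY] METHOD /path — Title` is assumed from the sample output only, and the embedded sample is a copy of those lines.

```python
"""Parse NAT demo-mode console output into structured findings.

Added example, not part of nat-engine. The line layout is assumed from
the sample output on this page: finding lines look like
"[SEVERITY] METHOD /path — Title"; "[NAT] ..." lines are status messages.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Severity labels as they appear in NAT's console output, highest first.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MED", "LOW"]

FINDING_RE = re.compile(
    r"^\[(?P<severity>CRITICAL|HIGH|MED|LOW)\]\s+"
    r"(?P<method>[A-Z]+)\s+"
    r"(?P<path>\S+)\s+[—-]+\s+"      # em-dash or hyphen separator
    r"(?P<title>.+?)\s*$"
)


@dataclass(frozen=True)
class Finding:
    severity: str
    method: str
    path: str
    title: str


def parse_findings(output: str) -> list[Finding]:
    """Return the findings in NAT console output, in the order printed.
    Status lines ("[NAT] ...") and anything not matching the layout are skipped."""
    findings = []
    for line in output.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(Finding(**m.groupdict()))
    return findings


def count_by_severity(findings: list[Finding]) -> dict[str, int]:
    """Finding counts per severity, including zeros, highest severity first."""
    counts = Counter(f.severity for f in findings)
    return {sev: counts.get(sev, 0) for sev in SEVERITY_ORDER}


def fails_threshold(findings: list[Finding], threshold: str = "HIGH") -> bool:
    """True if any finding is at or above `threshold` (usable as a CI gate)."""
    limit = SEVERITY_ORDER.index(threshold)
    return any(SEVERITY_ORDER.index(f.severity) <= limit for f in findings)


# Constructed sample: the console lines shown on this page.
SAMPLE_OUTPUT = """\
[NAT] Starting demo mode...
[NAT] Built-in example API started on http://127.0.0.1:49823
[NAT] Discovering endpoints...
[NAT] Discovered 20 endpoints across 4 resource groups
[NAT] Starting security analysis...
[CRITICAL] POST /api/v1/auth/login — Credential brute-force (no rate limiting)
[HIGH]     GET  /api/v1/users/{id} — Broken Object Level Authorization
[HIGH]     POST /api/v1/products — Mass Assignment vulnerability
[MED]      GET  /api/v1/orders — Excessive Data Exposure
[LOW]      GET  /api/v1/status — Verbose server information disclosure
[NAT] Scan complete. 12 findings in 00:02:31
[NAT] Opening report in browser...
"""

if __name__ == "__main__":
    found = parse_findings(SAMPLE_OUTPUT)
    for sev, n in count_by_severity(found).items():
        print(f"{sev:9} {n}")
    print("gate:", "FAIL" if fails_threshold(found) else "PASS")
```

Only the five finding lines shown in the sample are parsed, so the counts here are lower than the "12 findings" the full demo reports; pipe the real console output into `parse_findings` to see all of them.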

Review the report

The HTML report opens automatically and shows:

  • Executive summary — finding counts by severity
  • Endpoint map — visual overview of tested endpoints
  • Finding detail — exact request/response evidence for each issue
  • Remediation guidance — code-level fix suggestions

Explore CLI flags

Try these demo variations:

# Don't open browser, save report to file
nat demo --no-browser --output ./demo-report.html

# JSON output for scripting
nat demo --format json --output ./demo-results.json

# Verbose output — see every request NAT makes
nat demo --verbose

The built-in example API

The demo API is a realistic e-commerce REST API with intentional vulnerabilities:

Endpoint                         Vulnerability demonstrated
-------------------------------  -----------------------------------------------
POST /api/v1/auth/login          Missing rate limiting / brute force
GET  /api/v1/users/{id}          Broken Object Level Authorization (BOLA)
POST /api/v1/users               Mass Assignment — overpermissive field binding
GET  /api/v1/orders              Excessive Data Exposure
GET  /api/v1/products?search=    SQL-like injection in query parameter
PUT  /api/v1/users/{id}/role     Broken Function Level Authorization
GET  /api/v1/admin/users         Admin endpoint with weak auth check

All findings in demo mode are pre-seeded — NAT's detections are deterministic so you always see the same results.
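To make two of the table's vulnerability classes concrete, here is an added example (not the demo API's own code) showing framework-free stand-ins for POST /api/v1/users (mass assignment through overpermissive field binding) and GET /api/v1/users/{id} (BOLA), each beside a hardened version of the kind the report's remediation guidance points at. The in-memory user table, the field names and the allowlist are constructed for illustration.

```python
"""Two of the demo API's weaknesses side by side with hardened versions.

Added example, not the demo API's own code: the handlers below are
framework-free stand-ins for POST /api/v1/users (mass assignment) and
GET /api/v1/users/{id} (BOLA). The user table, field names and allowlist
are constructed for illustration; new users are not persisted.
"""
from copy import deepcopy

# Constructed in-memory user table; "role" and "balance" are server-managed.
USERS = {
    1: {"id": 1, "email": "alice@example.test", "role": "user", "balance": 10},
    2: {"id": 2, "email": "bob@example.test", "role": "user", "balance": 99},
}

# Fields a client is allowed to set on its own account.
CLIENT_WRITABLE = {"email", "display_name"}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


# --- Mass assignment: POST /api/v1/users ---------------------------------

def create_user_vulnerable(payload: dict) -> dict:
    """Binds every JSON field into the record, so a request body carrying
    "role" overrides the server default. This is the 'overpermissive field
    binding' pattern the demo API demonstrates."""
    user = {"id": max(USERS) + 1, "role": "user", "balance": 0}
    user.update(payload)          # defect: no allowlist, client controls any field
    return user


def create_user_hardened(payload: dict) -> dict:
    """Copies only allowlisted fields; server-managed fields keep their defaults.
    Unknown fields are rejected rather than silently dropped, so a client
    learns immediately that "role" is not settable."""
    unknown = set(payload) - CLIENT_WRITABLE
    if unknown:
        raise ValueError(f"fields not settable by client: {sorted(unknown)}")
    user = {"id": max(USERS) + 1, "role": "user", "balance": 0}
    user.update({k: payload[k] for k in CLIENT_WRITABLE if k in payload})
    return user


# --- BOLA: GET /api/v1/users/{id} ----------------------------------------

def get_user_vulnerable(caller_id: int, target_id: int) -> dict:
    """Trusts the id in the URL: any authenticated caller can read any
    user's record, balance included."""
    return deepcopy(USERS[target_id])


def get_user_hardened(caller_id: int, target_id: int) -> dict:
    """Object-level check: the caller must own the record or hold the admin
    role. The role comes from the server-side record, never from the request."""
    caller = USERS[caller_id]
    if caller_id != target_id and caller["role"] != "admin":
        raise Forbidden(f"user {caller_id} may not read user {target_id}")
    return deepcopy(USERS[target_id])


def raises(exc_type, fn, *args) -> bool:
    """True if calling fn(*args) raises exc_type; used to check the hardened paths."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False


if __name__ == "__main__":
    body = {"email": "carol@example.test", "role": "admin"}
    print("vulnerable create:", create_user_vulnerable(body)["role"])
    print("hardened create rejects role:", raises(ValueError, create_user_hardened, body))
    print("vulnerable read of another user:", get_user_vulnerable(1, 2)["balance"])
    print("hardened read rejected:", raises(Forbidden, get_user_hardened, 1, 2))
```

The hardened create handler fails closed on unexpected fields instead of ignoring them; silently dropping a field hides integration bugs and makes later changes to the allowlist easy to get wrong. The hardened read handler is the check NAT's BOLA test looks for: authorization decided per object, using state the client cannot influence.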

Demo vs. live scan

Feature             Demo mode           Live scan
------------------  ------------------  ----------------------
API to test         Built-in example    Your API
Network             Localhost only      External
Auth required       No                  Optional
Findings            Pre-seeded          Real discoveries
Time to complete    ~2–3 min            5 min – several hours
Safe to run         Always              Only on owned APIs

Next steps