[addtool] API-fuzzer

[piyush-security]

[link] https://github.com/Fuzzapi/API-fuzzer [/link]

[tags] api, fuzzing [/tags]

[short_descr] It allows to fuzz request attributes using common pentesting techniques and lists vulnerabilities. [/short_descr]

[long_descr] API_Fuzzer gem accepts a API request as input and returns vulnerabilities possible in the API. Following are the main check involved in API_Fuzzer gem

• Cross-site scripting vulnerability
• SQL injection
• Blind SQL injection
• XML External entity vulnerability
• IDOR (in specific cases)
• API Rate Limiting
• Open redirect vulnerabilities
• Information Disclosure flaws
• Info leakage through headers
• Cross-site request forgery vulnerability [/long_descr]

[image]

[/image]

[gwen001]

Problem occured with the following fields:

• image not found

Check the guidelines or use the template created for that purpose.

[gwen001]

Issue correctly handled, tool is waiting for human validation.

[gwen001]

Tool has been accepted by the team: https://offsec.tools/tool/api-fuzzer

Thank you for your contribution!