matusf / openapi-fuzzer

Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
GNU Affero General Public License v3.0

Missing options '--skip-tls-verify' and '--no-rate-limiting' using installation from crates.io #44

Closed henning410 closed 3 months ago

henning410 commented 3 months ago

I installed openapi-fuzzer using cargo install openapi-fuzzer

When I run openapi-fuzzer run --help I get the following output:

Usage: openapi-fuzzer run -s <spec> -u <url> [-i <ignore-status-code...>] [-H <header...>] [--max-test-case-count <max-test-case-count>] [-o <results-dir>] [--stats-dir <stats-dir>]

run openapi-fuzzer

Options:
  -s, --spec        path to OpenAPI specification file
  -u, --url         url of api to fuzz
  -i, --ignore-status-code
                    status codes that will not be considered as finding
  -H, --header      additional header to send
  --max-test-case-count
                    maximum number of test cases that will run for each
                    combination of endpoint and method (default: 256)
  -o, --results-dir directory for results with minimal generated payload used
                    for resending requests (default: results).
  --stats-dir       directory for request times statistics. if no value is
                    supplied, statistics will not be saved
  --help            display usage information

Some options you mentioned in your README are missing, for example --skip-tls-verify. I also can't use this option; I get the error: Unrecognized argument: --skip-tls-verify

What is wrong here? Is the crates.io installation not up to date?

matusf commented 3 months ago

Yes, the changes are only in master, and are not published to crates.io yet. If you want to use them now, you need to install the fuzzer from source.