tadash10 / API-vulnerability-scanner-


API-vulnerability-scanner-

Custom API Vulnerability Scanner: a custom vulnerability scanner tailored to detecting API-specific issues.

Overview

The Custom API Vulnerability Scanner is a tool designed to identify security vulnerabilities in APIs. It includes checks for common vulnerabilities such as SQL Injection, XSS, and sensitive data exposure. It also integrates with Swagger/OpenAPI documentation for dynamic endpoint testing, and includes checks for token leakage and rate limiting. The tool can be used via a command-line interface (CLI) or a simple web-based UI.

Features

Vulnerability Detection: Checks for SQL Injection, XSS, and sensitive data exposure.
Token Leakage: Detects potential hard-coded or exposed tokens.
Rate Limiting: Identifies rate-limiting mechanisms and thresholds.
Swagger/OpenAPI Integration: Parses OpenAPI specifications to dynamically test endpoints.
Web Interface: Provides a simple web-based UI for interaction (Flask-based).
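The features above are easiest to understand from a small worked example. The block below is an added illustration, not code from the tadash10/API-vulnerability-scanner- repository: it embeds a constructed OpenAPI 3 document and a constructed HTTP response, enumerates the spec's endpoints, flags state-changing operations that declare no security requirement, looks for token-like secrets in a response body, and reads the standard rate-limit headers. All names (`list_endpoints`, `find_token_leaks`, `rate_limit_info`, the sample data) are assumptions; the real scanner fetches the spec from `--url` with `requests`, whereas this example runs fully offline.

```python
import json
import re
from typing import Dict, List, Tuple

# Constructed sample OpenAPI 3 document (hypothetical, not from the project).
# A real run would fetch this JSON from the --url argument instead.
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "servers": [{"url": "https://api.example.com/v1"}],
    "paths": {
        "/users/{id}": {
            "get": {"summary": "Fetch user", "security": [{"bearerAuth": []}]},
            "delete": {"summary": "Remove user"},  # no security requirement
        },
        "/search": {
            "get": {"summary": "Search", "parameters": [{"name": "q", "in": "query"}]}
        },
    },
}

# Constructed sample response (hypothetical): a debug field leaks a JWT-shaped
# token, and the server advertises its rate-limit budget in headers.
SAMPLE_RESPONSE_HEADERS = {
    "Content-Type": "application/json",
    "X-RateLimit-Limit": "100",
    "X-RateLimit-Remaining": "97",
}
SAMPLE_RESPONSE_BODY = (
    '{"user": "alice", "debug_token": '
    '"eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.c2lnbmF0dXJlX3BsYWNlaG9sZGVy"}'
)

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")


def list_endpoints(spec: dict) -> List[Tuple[str, str]]:
    """Flatten the OpenAPI 'paths' object into (METHOD, path) pairs for testing."""
    endpoints = []
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method in item:
                endpoints.append((method.upper(), path))
    return endpoints


def unauthenticated_mutations(spec: dict) -> List[Tuple[str, str]]:
    """State-changing operations with no security requirement at operation or global level."""
    global_security = spec.get("security")
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method in ("post", "put", "patch", "delete"):
            operation = item.get(method)
            if operation is None:
                continue
            # An operation-level 'security' key overrides the global one, if present.
            if not operation.get("security", global_security):
                findings.append((method.upper(), path))
    return findings


# Token-shaped strings that should never appear in an API response body.
TOKEN_PATTERNS = {
    "bearer_token": re.compile(r"Bearer\s+[A-Za-z0-9\-._~+/]{20,}=*"),
    "jwt": re.compile(r"eyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}"),
    "generic_key_field": re.compile(
        r'"[a-z_]*(?:api_?key|secret|token)"\s*:\s*"([^"]{16,})"', re.I
    ),
}


def find_token_leaks(text: str) -> List[str]:
    """Names of the token patterns that match somewhere in the given response text."""
    return [name for name, pattern in TOKEN_PATTERNS.items() if pattern.search(text)]


# Header names (lower-cased) that reveal a rate-limiting mechanism and its thresholds.
RATE_LIMIT_HEADERS = (
    "ratelimit-limit", "ratelimit-remaining",
    "x-ratelimit-limit", "x-ratelimit-remaining", "retry-after",
)


def rate_limit_info(headers: Dict[str, str]) -> Dict[str, str]:
    """Subset of response headers that describe rate limiting, keyed by lower-cased name."""
    lowered = {name.lower(): value for name, value in headers.items()}
    return {name: lowered[name] for name in RATE_LIMIT_HEADERS if name in lowered}


def scan(spec: dict, headers: Dict[str, str], body: str) -> dict:
    """Combine the checks into one report, in the shape the CLI would print."""
    return {
        "endpoints": list_endpoints(spec),
        "unauthenticated_mutations": unauthenticated_mutations(spec),
        "token_leaks": find_token_leaks(body),
        "rate_limiting": rate_limit_info(headers),
    }


if __name__ == "__main__":
    print(json.dumps(scan(SAMPLE_SPEC, SAMPLE_RESPONSE_HEADERS, SAMPLE_RESPONSE_BODY), indent=2))
```

Running the block prints a report listing three endpoints, the unauthenticated `DELETE /users/{id}`, the leaked JWT (matched both as a JWT shape and as a `*_token` field with a long value), and the two `X-RateLimit-*` headers. Missing rate-limit headers are not proof that no limiting exists; the absence is only a prompt for the scanner to probe further.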

Prerequisites

Python 3.7 or higher
requests library
Flask library (for the web interface)
pydantic library

Installation

Clone the Repository:

bash

git clone https://github.com/your-repo/api-vulnerability-scanner.git
cd api-vulnerability-scanner

Install Dependencies:

It is recommended to use a virtual environment.

bash

python -m venv venv
source venv/bin/activate  # On Windows use `venv\Scripts\activate`
pip install -r requirements.txt

CLI Usage

Basic Usage

The CLI allows you to scan an API by providing the URL of the OpenAPI specification.

Run the Scanner:

bash

python scanner.py --url <API_DOCUMENTATION_URL>

Replace <API_DOCUMENTATION_URL> with the URL of your OpenAPI specification.

Example

To scan an API with the OpenAPI documentation available at https://api.example.com/swagger.json, run:

bash

python scanner.py --url https://api.example.com/swagger.json

CLI Options

--url: The URL of the OpenAPI documentation. This option is required.

Step-by-Step CLI Instructions

Ensure Dependencies are Installed:

Before running the scanner, make sure all required libraries are installed. Follow the Installation instructions.

Prepare OpenAPI Documentation:

Ensure that your API has an OpenAPI specification available at a publicly accessible URL.

Run the Scanner:

Execute the CLI command with the appropriate URL to start scanning:

bash

python scanner.py --url <YOUR_OPENAPI_SPEC_URL>

Review Results:

After the scan completes, review the output for identified vulnerabilities and issues.

Web Interface

Running the Web Interface

To use the web-based UI, start the Flask application:

bash

python web_interface.py

The web interface will be available at http://127.0.0.1:5000.

Using the Web Interface

Open the Web Interface:

Navigate to http://127.0.0.1:5000 in your web browser.

Submit API Documentation URL:

Enter the URL of the OpenAPI specification in the provided form.

Start Scanning:

Click the submit button to start the scan. The results will be displayed on the page.

Testing

To ensure the scanner functions correctly, run the test suite using pytest:

bash

pytest

Contributing

Contributions are welcome! Please submit issues or pull requests through the GitHub repository.

License

This project is licensed under the MIT License. See the LICENSE file for more details.

Your star will be appreciated!