
Fuzzapi / Api Fuzzer

Licence: MIT
API fuzzer that fuzzes request attributes using common pentesting techniques and lists the vulnerabilities it finds


API Fuzzer

The API_Fuzzer gem accepts an API request as input and returns the vulnerabilities that may be present in the API. The main checks performed by API_Fuzzer are:

  • Cross-site scripting vulnerability
  • SQL injection
  • Blind SQL injection
  • XML External entity vulnerability
  • IDOR (in specific cases)
  • API Rate Limiting
  • Open redirect vulnerabilities
  • Information Disclosure flaws
  • Info leakage through headers
  • Cross-site request forgery vulnerability

Installation

Add this line to your application's Gemfile:

gem 'API_Fuzzer'

And then execute:

$ bundle

Or install it yourself as:

$ gem install API_Fuzzer

Usage

Run bin/console

Let's say you have the following endpoint:

POST /api/v2/credit_cards/123

Host: test.host.com
User-Agent: Mozilla Firefox
Auth: Basic Adnjefnef443nr4jh4h
{ credit_card: '4242424242424242', expiry: '07/17', cvv: '123', name: 'First name' }

The API_Fuzzer module exposes a static method, scan, which accepts the request above:

require 'API_Fuzzer'

options = {
  url: 'http://test.host.com/api/v2/credit_cards/123',
  params: {
    credit_card: '4242424242424242',
    expiry: '07/17',
    cvv: '123',
    name: 'First name'
  },
  method: ['POST'],
  headers: {
    'Host' => 'test.host.com',
    'User-Agent' => 'Mozilla Firefox',
    'Auth' => 'Basic Adnjefnef443nr4jh4h'
  }
}
vulnerabilities = API_Fuzzer.scan(options)

vulnerabilities is an array of vulnerability objects, each with an impact type, title and description.

Writing a Ruby script like the one above for every request can be painful. Fuzzapi is a Rails application that bundles API_Fuzzer and adds a UI so API endpoints can be scanned easily.
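The step of turning a captured raw request into the options hash that API_Fuzzer.scan expects can itself be scripted. The helper below is an added example, not code from the API_Fuzzer gem; it assumes the {url:, params:, method:, headers:} layout shown above, a JSON body, and an http scheme (raw requests do not carry one). The sample request is constructed to mirror the README's credit card endpoint.

```ruby
# Added example (not part of the API_Fuzzer gem): build the options hash that
# API_Fuzzer.scan expects from a raw HTTP request, so a request captured from
# a proxy or log can be scanned without hand-writing the hash each time.
require 'json'

# Constructed sample request, mirroring the README's credit card endpoint.
RAW_REQUEST = <<~REQ
  POST /api/v2/credit_cards/123 HTTP/1.1
  Host: test.host.com
  User-Agent: Mozilla Firefox
  Auth: Basic Adnjefnef443nr4jh4h

  {"credit_card": "4242424242424242", "expiry": "07/17", "cvv": "123", "name": "First name"}
REQ

# Parse a raw HTTP request into {url:, params:, method:, headers:}.
# The scheme is an assumption: a raw request does not state it.
def request_to_fuzzer_options(raw, scheme: 'http')
  head, body = raw.split(/\r?\n\r?\n/, 2)
  request_line, *header_lines = head.lines.map(&:chomp)
  method, path, _version = request_line.split(' ', 3)
  headers = header_lines.each_with_object({}) do |line, h|
    name, value = line.split(':', 2)
    h[name.strip] = value.to_s.strip
  end
  host = headers.fetch('Host') { raise ArgumentError, 'missing Host header' }
  params = body.to_s.strip.empty? ? {} : JSON.parse(body, symbolize_names: true)
  {
    url: "#{scheme}://#{host}#{path}",
    params: params,
    method: [method],
    headers: headers
  }
end

# Mask card data before the options are logged or stored with a scan report:
# the scan needs the real params, but reports and logs should not echo them.
def redact_sensitive(options, keys = %i[credit_card cvv])
  params = options[:params].to_h { |k, v| [k, keys.include?(k) ? '[REDACTED]' : v] }
  options.merge(params: params)
end

if __FILE__ == $PROGRAM_NAME
  options = request_to_fuzzer_options(RAW_REQUEST)
  puts JSON.pretty_generate(redact_sensitive(options))
  # With the gem installed: require 'API_Fuzzer'; API_Fuzzer.scan(options)
end
```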

Development

After checking out the repo, run bin/setup to install dependencies. Then, run rake test to run the tests. You can also run bin/console for an interactive prompt that will allow you to experiment.

To install this gem onto your local machine, run bundle exec rake install. To release a new version, update the version number in version.rb, and then run bundle exec rake release, which will create a git tag for the version, push git commits and tags, and push the .gem file to rubygems.org.

If you have any issue, we would be happy to help. You can create an issue in the repository or contact any of the following Twitter handles: @abhijeth, @srini0x00, @lalithr95.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/lalithr95/API_Fuzzer. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

The gem is available as open source under the terms of the MIT License.

Credits: the fuzzing payloads come from FuzzDB, which holds the copyright on them.
