ant4g0nist / Susanoo

Licence: mit
A REST API security testing framework.

Programming Languages

python

Projects that are alternatives of or similar to Susanoo

Airmaster
Use ExpiredDomains.net and BlueCoat to find useful domains for red team.
Stars: ✭ 150 (-47.74%)
Mutual labels:  security-tools, pentesting, pentest-tool
Habu
Hacking Toolkit
Stars: ✭ 635 (+121.25%)
Mutual labels:  security-tools, pentesting, pentest-tool
Packetwhisper
PacketWhisper: Stealthily exfiltrate data and defeat attribution using DNS queries and text-based steganography. Avoid the problems associated with typical DNS exfiltration methods. Transfer data between systems without the communicating devices directly connecting to each other or to a common endpoint. No need to control a DNS Name Server.
Stars: ✭ 405 (+41.11%)
Mutual labels:  security-tools, pentesting, pentest-tool
Stowaway
👻Stowaway -- Multi-hop Proxy Tool for pentesters
Stars: ✭ 500 (+74.22%)
Mutual labels:  security-tools, pentesting, pentest-tool
Vulmap
Vulmap is a web vulnerability scanning and verification tool that can scan webapps for vulnerabilities and also has exploitation capabilities
Stars: ✭ 1,079 (+275.96%)
Mutual labels:  security-tools, pentesting, pentest-tool
Impost3r
👻Impost3r -- A linux password thief
Stars: ✭ 355 (+23.69%)
Mutual labels:  security-tools, pentesting, pentest-tool
Yasuo
A ruby script that scans for vulnerable & exploitable 3rd-party web applications on a network
Stars: ✭ 517 (+80.14%)
Mutual labels:  security-tools, pentesting, pentest-tool
Sn1per
Attack Surface Management Platform | Sn1perSecurity LLC
Stars: ✭ 4,897 (+1606.27%)
Mutual labels:  pentest-tool, pentesting, security-tools
Dumpsterfire
"Security Incidents In A Box!" A modular, menu-driven, cross-platform tool for building customized, time-delayed, distributed security events. Easily create custom event chains for Blue- & Red Team drills and sensor / alert mapping. Red Teams can create decoy incidents, distractions, and lures to support and scale their operations. Build event sequences ("narratives") to simulate realistic scenarios and generate corresponding network and filesystem artifacts.
Stars: ✭ 775 (+170.03%)
Mutual labels:  security-tools, pentesting, pentest-tool
Evillimiter
Tool that monitors, analyzes and limits the bandwidth of devices on the local network without administrative access.
Stars: ✭ 764 (+166.2%)
Mutual labels:  security-tools, pentesting, pentest-tool
Exploitpack
Exploit Pack -The next generation exploit framework
Stars: ✭ 728 (+153.66%)
Mutual labels:  security-tools, pentesting, pentest-tool
Sippts
Set of tools to audit SIP based VoIP Systems
Stars: ✭ 116 (-59.58%)
Mutual labels:  security-tools, pentesting, pentest-tool
Cloakify
CloakifyFactory - Data Exfiltration & Infiltration In Plain Sight; Convert any filetype into list of everyday strings, using Text-Based Steganography; Evade DLP/MLS Devices, Defeat Data Whitelisting Controls, Social Engineering of Analysts, Evade AV Detection
Stars: ✭ 1,136 (+295.82%)
Mutual labels:  security-tools, pentesting, pentest-tool
Jwtxploiter
A tool to test security of json web token
Stars: ✭ 130 (-54.7%)
Mutual labels:  security-tools, pentesting, pentest-tool
Rescope
Rescope is a tool geared towards pentesters and bugbounty researchers, that aims to make life easier when defining scopes for Burp Suite and OWASP ZAP.
Stars: ✭ 156 (-45.64%)
Mutual labels:  security-tools, pentesting
Webhashcat
Hashcat web interface
Stars: ✭ 151 (-47.39%)
Mutual labels:  security-tools, pentesting
Zigdiggity
A ZigBee hacking toolkit by Bishop Fox
Stars: ✭ 169 (-41.11%)
Mutual labels:  security-tools, pentest-tool
Crithit
Takes a single wordlist item and tests it one by one over a large collection of websites before moving onto the next. Create signatures to cross-check vulnerabilities over multiple hosts.
Stars: ✭ 182 (-36.59%)
Mutual labels:  security-tools, pentesting
Intrec Pack
Intelligence and Reconnaissance Package/Bundle installer.
Stars: ✭ 177 (-38.33%)
Mutual labels:  security-tools, pentesting
Whatweb
Next generation web scanner
Stars: ✭ 3,503 (+1120.56%)
Mutual labels:  security-tools, pentesting

Susanoo:

Susanoo is a REST API security testing framework. 

Features

  • Configurable input/output formats
  • API Vulnerability Scan: Normal scanning engine that scans for IDOR, authentication issues, SQL injections, and error stacks.
  • Smoke Scan: Custom output checks for known PoCs can be configured to run daily.

Types of Scans:

* API Vulnerability Scan
	**  Scans for following bugs:
		***   Insecure Direct Object References (IDOR)
		***   Authentication issues
		***   SQL injections
		***   Error stacks

* Smoke Scan
	**  A known Proof-of-concept can be configured to run daily/weekly etc.

Configuration:

Susanoo takes YAML files as configuration. Please check the examples folder for sample configuration files.

Parameter Types:

	resource --> static
		Eg: In the following example the value "password" is used for grant_type:

			password: {"type":"resource", "required":True, "value":"[email protected]"}

	hex-n:
		Generate hex of length n.
			Eg: a hex value of length 16 is generated for uniqueId in below example:

				id: {'type':'hex-16', 'required': True} 

	int-n:
		Generates int of size n
			Eg: an int value of size 4 is generated for uniqueId in below example:

				bonus: {'type':'int-4', 'required': True}

	email:
		Generates random email id
			Eg: a random email id is generated and assigned for email_id

				email_id: {"type":"email", "required":True}

	username:
		Generates random username
			Eg: a random username is generated and assigned for username

				username: {"type":"username", "required":True}

	string:
		Generates random strings
			Eg: generates random strings of variable length.

				string: {"type":"string", "required":True}
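
The following is an added example, not Susanoo's own code, showing one way a scanner could expand the parameter specs above into request values. It assumes `hex-n` means n hex characters and `int-n` means an n-digit integer; the function names, `SAMPLE_SPEC` and the `example.com` domain are hypothetical.

```python
import re
import secrets
import string

# Constructed sample specs in the shape shown above (name -> type/required/value).
SAMPLE_SPEC = {
    "grant_type": {"type": "resource", "required": True, "value": "password"},
    "id": {"type": "hex-16", "required": True},
    "bonus": {"type": "int-4", "required": "True"},  # quoted flag, as in one sample
    "email_id": {"type": "email", "required": True},
    "username": {"type": "username", "required": True},
    "note": {"type": "string", "required": False},
}

_SIZED = re.compile(r"^(hex|int)-([1-9]\d*)$")

def _rand(alphabet, length):
    return "".join(secrets.choice(alphabet) for _ in range(length))

def is_required(spec):
    # Compare text, not truthiness: bool("False") is True in Python.
    return str(spec.get("required", False)).strip().lower() == "true"

def generate_value(spec):
    """Return a value for one parameter spec; raise ValueError on a bad spec."""
    ptype = str(spec.get("type"))
    if ptype == "resource":
        if "value" not in spec:
            raise ValueError("resource parameter needs a static 'value'")
        return spec["value"]
    sized = _SIZED.match(ptype)
    if sized:
        kind, n = sized.group(1), int(sized.group(2))
        if kind == "hex":
            return _rand("0123456789abcdef", n)
        # Assumption: "size n" means n decimal digits with no leading zero.
        return int(_rand("123456789", 1) + _rand(string.digits, n - 1))
    if ptype in ("username", "email"):
        name = _rand(string.ascii_lowercase, 10)
        return name if ptype == "username" else name + "@example.com"
    if ptype == "string":
        return _rand(string.ascii_letters, 1 + secrets.randbelow(32))
    raise ValueError("unknown parameter type: %r" % ptype)

def build_params(specs, include_optional=False):
    """Build one request's parameters, skipping optional ones unless asked."""
    return {name: generate_value(spec) for name, spec in specs.items()
            if is_required(spec) or include_optional}
```

Rejecting unknown or malformed types such as `hex-0` up front keeps a typo in a configuration file from silently sending an empty field to the API under test.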

Donation:

If you like the project, you can buy me beers :)

Donate Bitcoin

Installation:

^^/D/projects >>> git clone https://github.com/ant4g0nist/susanoo
^^/D/projects >>> cd susanoo
^^/D/p/susanoo >>> sudo pip install -r requirements.txt

Usage:

^^/D/p/susanoo >>> cd db
^^/D/p/s/db >>> sudo mongod --dbpath . --bind_ip=127.0.0.1	

^^/D/p/susanoo >>> python susanoo.py

TODO:

  • [ ] Use celery/scheduler to schedule the scans
  • [ ] Chain APIs together? Pick up a value from one API and use it in another
  • [ ] Add more vulnerability checks
  • [ ] Make it more reliable
  • [ ] Parallelize scans using Celery
  • [ ] Add better reporting

Thanks:
