
OFFAT - OFFensive Api Tester

Automatically tests for vulnerabilities after generating test cases from an OpenAPI specification file. The project is in beta, so it may sometimes crash while running.

Screenshot: undocumented petstore API endpoint HTTP method results

Features

  • Restricted HTTP methods
  • SQLi
  • BOLA (may need a few bug fixes)
  • Data exposure (detects common data exposures)
  • BOPLA / mass assignment
  • Broken authentication

Demo

Asciicast demo recording


Disclaimer

The disclaimer advises users to use the open-source project for ethical and legitimate purposes only and refrain from using it for any malicious activities. The creators and contributors of the project are not responsible for any illegal activities or damages that may arise from the misuse of the project. Users are solely responsible for their use of the project and should exercise caution and diligence when using it. Any unauthorized or malicious use of the project may result in legal action and other consequences.


Join Our Discord Community

Join our Discord server!

Installation

Using pip

  • Install main branch using pip

    python3 -m pip install git+https://github.com/dmdhrumilmistry/offat.git
  • Install Release from PyPi

    python3 -m pip install offat

Manual Method

  • Open a terminal

  • Install the git and python3 packages

    sudo apt install git python3 -y
  • Install Poetry

  • Clone the repository to your machine

    git clone https://github.com/dmdhrumilmistry/offat.git
  • Change directory

    cd offat
  • Install with Poetry

    # without options
    poetry install

Start OffAT

  • Run offat

    offat -f swagger_file.json
  • To list all commands and options, use help

    offat -h
  • Run tests only for endpoint paths matching regex pattern

    offat -f swagger_file.json -pr '/user'
  • Add headers to requests

    offat -f swagger_file.json -H 'Accept: application/json' -H 'Authorization: Bearer YourJWTToken'
  • Run tests with request rate limiting

    offat -f swagger_file.json -rl 1000 -dr 0.001

    -rl sets the request rate limit; -dr sets the delay between requests

  • Use user-provided inputs for generating tests

    offat -f swagger_file.json -tdc test_data_config.yaml

    test_data_config.yaml

    actors:
    - actor1:
        request_headers:
          - name: Authorization
            value: Bearer [Token1]
          - name: User-Agent
            value: offat-actor1
    
        query:
          - name: id
            value: 145
            type: int
          - name: country
            value: uk
            type: str
          - name: city
            value: london
            type: str
    
        body:
          - name: name
            value: actorone
            type: str
          - name: email
            value: [email protected]
            type: str
          - name: phone
            value: +11233211230
            type: str
    
    - actor2:
        request_headers:
          - name: Authorization
            value: Bearer [Token2]
          - name: User-Agent
            value: offat-actor2
    
        query:
          - name: id
            value: 199
            type: int
          - name: country
            value: uk
            type: str
          - name: city
            value: leeds
            type: str
    
        body:
          - name: name
            value: actortwo
            type: str
          - name: email
            value: [email protected]
            type: str
          - name: phone
            value: +41912312311
            type: str
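A loader for the actor config format shown above, added here as an illustration rather than OFFAT's own code: it validates each name/value entry, casts values by their declared type, and keys the result by actor name. The sample below is the constructed Python equivalent of what yaml.safe_load returns for that file (PyYAML is assumed when reading the real file; the bool caster is an assumption, since the page only uses int and str).

```python
"""Load an OFFAT-style test_data_config.yaml actor list into typed dicts.
Added illustration, not OFFAT's own loader."""
from typing import Any, Dict, List
# Constructed sample: what yaml.safe_load returns for the config above,
# trimmed to a few entries (PyYAML assumed when loading the real file).
SAMPLE_CONFIG: Dict[str, Any] = {"actors": [
    {"actor1": {
        "request_headers": [{"name": "Authorization", "value": "Bearer [Token1]"},
                            {"name": "User-Agent", "value": "offat-actor1"}],
        "query": [{"name": "id", "value": 145, "type": "int"},
                  {"name": "country", "value": "uk", "type": "str"}],
        "body": [{"name": "name", "value": "actorone", "type": "str"}],
    }},
    {"actor2": {
        "request_headers": [{"name": "Authorization", "value": "Bearer [Token2]"}],
        # value deliberately a string here: the declared type must win
        "query": [{"name": "id", "value": "199", "type": "int"}],
        "body": [{"name": "name", "value": "actortwo", "type": "str"}],
    }},
]}

# Casters for the config's "type" strings; unknown types are rejected
# instead of being silently passed through as text (bool is an assumption).
CASTERS = {"int": int, "str": str, "float": float,
           "bool": lambda v: str(v).lower() == "true"}


def params(entries: List[Dict[str, Any]], typed: bool) -> Dict[str, Any]:
    """Turn [{name, value[, type]}, ...] into a name -> cast value dict."""
    out = {}
    for entry in entries:
        if "name" not in entry or "value" not in entry:
            raise ValueError(f"entry missing name/value: {entry}")
        kind = entry.get("type", "str") if typed else "str"  # headers stay text
        if kind not in CASTERS:
            raise ValueError(f"unknown type {kind!r} for {entry['name']}")
        out[entry["name"]] = CASTERS[kind](entry["value"])
    return out


def load_actors(config: Dict[str, Any]) -> Dict[str, Dict[str, Dict[str, Any]]]:
    """Return {actor: {"headers": ..., "query": ..., "body": ...}}."""
    actors = {}
    for item in config.get("actors", []):
        (name, spec), = item.items()  # one "actorN:" mapping per list item
        actors[name] = {
            "headers": params(spec.get("request_headers", []), typed=False),
            "query": params(spec.get("query", []), typed=True),
            "body": params(spec.get("body", []), typed=True),
        }
    return actors
```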

If you're using Termux or Windows, use pip instead of pip3.
A few features are Linux-only, so they may not work on Windows and may require admin privileges.

Open In Google Cloud Shell

  • Temporary session (Open in Cloud Shell)
  • Persistent session (Open in Cloud Shell)

Have any ideas 💡 or issues?

  • Create an issue
  • Fork the repo, update the script and create a pull request

Contributing

Refer to CONTRIBUTIONS.md for contributing to the project.

LICENSE

Offat is distributed under the MIT License. Refer to the License for more information.

Connect With Me

Platforms: GitHub, LinkedIn, Twitter, Instagram, Blog, YouTube
