Module: API_Fuzzer

Defined in:
lib/API_Fuzzer.rb,
lib/API_Fuzzer/error.rb,
lib/API_Fuzzer/engine.rb,
lib/API_Fuzzer/request.rb,
lib/API_Fuzzer/sql_check.rb,
lib/API_Fuzzer/xss_check.rb,
lib/API_Fuzzer/xxe_check.rb,
lib/API_Fuzzer/csrf_check.rb,
lib/API_Fuzzer/idor_check.rb,
lib/API_Fuzzer/header_info.rb,
lib/API_Fuzzer/resource_info.rb,
lib/API_Fuzzer/vulnerability.rb,
lib/API_Fuzzer/redirect_check.rb,
lib/API_Fuzzer/sql_blind_check.rb,
lib/API_Fuzzer/rate_limit_check.rb,
lib/API_Fuzzer/privilege_escalation_check.rb

Defined Under Namespace

Classes: CsrfCheck, Engine, Error, HeaderInfo, IdorCheck, InvalidResponse, InvalidURLError, PrivilegeEscalationCheck, RateLimitCheck, RedirectCheck, Request, ResourceInfo, SqlBlindCheck, SqlCheck, Vulnerability, XssCheck, XxeCheck


Class Method Details

.scan(options = {}) ⇒ Object

Runs all the available checks against the target and returns their combined findings.



# File 'lib/API_Fuzzer.rb', line 18

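# Runs the static analysis plus every active check against the target
# described by +options+ and returns the de-duplicated list of findings.
#
# @param options [Hash] scan options shared by all checks. The keys are
#   consumed by the individual checks; `static_analysis` reads +:url+ and
#   +:cookies+ — see the other checks for what else they expect.
# @return [Array] flattened findings from all collected checks, with nil
#   entries dropped and duplicates removed
def self.scan(options = {})
  # Freeze a private copy rather than the caller's hash: the checks still
  # cannot mutate the shared options, but the caller's object is untouched
  # (the original froze `options` in place, a side effect on the argument).
  options = options.dup.freeze

  # Checks whose results are collected, in the original run order.
  collected_checks = [
    API_Fuzzer::XssCheck,
    API_Fuzzer::SqlCheck,
    API_Fuzzer::SqlBlindCheck,
    API_Fuzzer::RedirectCheck,
    API_Fuzzer::IdorCheck,
    API_Fuzzer::RateLimitCheck,
    API_Fuzzer::CsrfCheck,
    API_Fuzzer::PrivilegeEscalationCheck
  ]

  vulnerabilities = [static_analysis(options)]
  collected_checks.each { |check| vulnerabilities << check.scan(options) }

  # NOTE(review): XxeCheck's return value is discarded, as in the original —
  # confirm whether its findings should be appended to `vulnerabilities`.
  API_Fuzzer::XxeCheck.scan(options)

  # Flatten BEFORE uniq: the original `uniq.flatten` only de-duplicated whole
  # per-check result arrays, so identical findings reported by two different
  # checks survived. compact drops a nil returned by any check.
  vulnerabilities.flatten.compact.uniq
end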

.static_analysis(options = {}) ⇒ Object



# File 'lib/API_Fuzzer.rb', line 35

# Issues a single request to the target and runs the response-inspection
# checks (ResourceInfo and HeaderInfo) on what comes back.
#
# @param options [Hash] scan options; only +:url+ and +:cookies+ are read here
# @option options [String] :url the endpoint to request
# @option options :cookies cookies forwarded with the request
# @return [Array] two entries, in order: the result of ResourceInfo.scan and
#   the result of HeaderInfo.scan for the fetched response
def self.static_analysis(options = {})
  response = API_Fuzzer::Request.send_api_request(
    url: options[:url],
    cookies: options[:cookies]
  )

  [
    API_Fuzzer::ResourceInfo.scan(response),
    API_Fuzzer::HeaderInfo.scan(response)
  ]
end