full screen background image

Susanoo: REST API security testing framework


Susanoo is a REST API security testing framework.


  • Configurable inputs/outputs formats
  • API Vulnerability Scan: Normal scanning engine that scans for IDOR, Authentication issues, SQL injections, Error stacks.
  • Smoke Scan: Custom output checks for known pocs can be configured to run daily.

Types of Scans:

* API Vulnerability Scan

  • **  Scans for following bugs:
  • ***   Indirect Object References
  • ***   Authentication issues
  • ***   SQL injections
  • ***   Error stacks

* Smoke Scan

  • **  A known Proof-of-concept can be configured to run daily/weekly etc.


^^/D/projects >>> git clone https://github.com/ant4g0nist/susanoo
^^/D/projects >>> cd susanoo
^^/D/p/susanoo >>> sudo pip install -r requirements.txt


^^/D/p/susanoo >>> cd db
^^/D/p/s/db >>> sudo mongod --dbpath . --bind_ip=	
^^/D/p/susanoo >>> python susanoo.py


Source: Github



Πηγή : securityonline

Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Part-Time Hacker || Child Pornography & Sexual Abuse Combat

Leave a Reply

Your email address will not be published. Required fields are marked *