
Susanoo: REST API security testing framework

Susanoo

Susanoo is a REST API security testing framework.

Features

  • Configurable input/output formats
  • API Vulnerability Scan: the normal scanning engine, which scans for IDOR, authentication issues, SQL injections and error stacks.
  • Smoke Scan: custom output checks for known PoCs can be configured to run daily.

Types of Scans:

  • API Vulnerability Scan: scans for the following bugs:
      • Indirect Object References
      • Authentication issues
      • SQL injections
      • Error stacks

  • Smoke Scan: a known proof-of-concept can be configured to run daily, weekly, etc.
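
What response-side checks for the four bug classes listed above can look like, as an added example that is not Susanoo's code or configuration format. The record layout, the case names and the sample responses are constructed assumptions; the checks run offline over recorded responses.

```python
import re

# Signatures of leaked server-side detail in a response body.
STACK_RE = re.compile(
    r"Traceback \(most recent call last\)"   # Python traceback header
    r"|^\s+at [\w.$<>]+\([\w.]+:\d+\)",       # JVM stack frame
    re.M)
SQL_RE = re.compile(r"SQLSTATE\[|error in your SQL syntax|ORA-\d{5}")

def evaluate(records):
    """Return (endpoint, finding) pairs for recorded API responses.

    case: 'owner' = authorised baseline, 'no_auth' = no credentials,
    'other_user' = valid credentials of a different account.
    """
    baseline = {r["endpoint"]: r["body"] for r in records if r["case"] == "owner"}
    findings = []
    for r in records:
        ok = 200 <= r["status"] < 300
        # An endpoint that needs a login must not answer 2xx without one.
        if r["case"] == "no_auth" and ok:
            findings.append((r["endpoint"], "authentication"))
        # Another account receiving the owner's exact object is an object-reference flaw.
        if r["case"] == "other_user" and ok and r["body"] == baseline.get(r["endpoint"]):
            findings.append((r["endpoint"], "object-reference"))
        if STACK_RE.search(r["body"]):
            findings.append((r["endpoint"], "error-stack"))
        if SQL_RE.search(r["body"]):
            findings.append((r["endpoint"], "sql-error"))
    return findings

# Constructed sample responses (not captured from a real service).
ORDER = '{"id":1001,"owner":"alice","total":42}'
RECORDS = [
    {"endpoint": "GET /api/orders/1001", "case": "owner", "status": 200, "body": ORDER},
    {"endpoint": "GET /api/orders/1001", "case": "no_auth", "status": 401, "body": '{"error":"unauthorized"}'},
    {"endpoint": "GET /api/orders/1001", "case": "other_user", "status": 200, "body": ORDER},
    {"endpoint": "GET /api/profile", "case": "owner", "status": 200, "body": '{"user":"alice"}'},
    {"endpoint": "GET /api/profile", "case": "no_auth", "status": 200, "body": '{"user":"alice"}'},
    {"endpoint": "GET /api/search", "case": "owner", "status": 500,
     "body": 'Traceback (most recent call last):\n  File "app.py", line 12, in search\nKeyError'},
    {"endpoint": "GET /api/items", "case": "owner", "status": 500,
     "body": "SQLSTATE[42000]: Syntax error or access violation"},
]

if __name__ == "__main__":
    for endpoint, finding in evaluate(RECORDS):
        print(f"{finding:17} {endpoint}")
```

Run on a schedule against freshly recorded responses, a non-empty result is the signal that a previously fixed issue has come back.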

Installation

^^/D/projects >>> git clone https://github.com/ant4g0nist/susanoo
^^/D/projects >>> cd susanoo
^^/D/p/susanoo >>> sudo pip install -r requirements.txt

Usage

^^/D/p/susanoo >>> cd db
^^/D/p/s/db >>> sudo mongod --dbpath . --bind_ip=127.0.0.1
^^/D/p/susanoo >>> python susanoo.py

 

Source: Github

 

 

Source: securityonline



Anastasis Vasileiadis

PC Technical || Penetration Tester || Ethical Hacker || Cyber Security Expert || Cyber Security Analyst || Information Security Researcher || Part-Time Hacker || Child Pornography & Sexual Abuse Combat

