在测试中偶尔会碰到swagger泄露 常见的泄露如图: 
有的泄露接口特别多,每一个都手动去试根本试不过来 于是用python写了个脚本自动爬取所有接口,配置好传参发包访问
原理是首先抓取http://url/swagger-resources 获取到有哪些标准及对应的文档地址 而后对每个标准下的接口文档进行解析,构造请求包,获取响应
尽量考虑到了所有可能的传参格式,实际测试只有少数几个会500或400响应需要手动修改一下,其余都是401或者200 200就是未授权访问接口了,可以进一步做其他诸如sqli等测试 运行时如图: 
所有测试结果都存储在csv中: 
欢迎大家关注稻草人安全团队,后续有更多技术文章、工具分享等 
Dredd — HTTP API Testing Framework Dredd is a language-agnostic command-line tool for validating API description document against backend implementati
BulldozerType This is a bot that can type without any assistance and have incredible speed. This bot currently only works on the site https://onlinety
Autotest2d WrightEagle AutoTest (Has been updated by Cyrus team members) Thanks go to WrightEagle Members. Steps 1- prepare start_team file. In this s
sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of
Connexion Faker Get Started Install With poetry: poetry add connexion-faker # a
Sixpack Sixpack is a framework to enable A/B testing across multiple programming languages. It does this by exposing a simple API for client libraries
Robot Framework Introduction Installation Example Usage Documentation Support and contact Contributing License Introduction Robot Framework is a gener
serverless-create-api-test A simple serverless create api test repository. Please Ignore. Things to remember: Setup workflow Change Name in workflow e
mamba: the definitive test runner for Python mamba is the definitive test runner for Python. Born under the banner of behavior-driven development. Ins
fidelipy fidelipy is a simple Python 3.7+ library for semi-automated trading on fidelity.com. The scope is limited to the Trade Stocks/ETFs simplified
To automate the generation and validation tests of COSE/CBOR Codes and it's base45/2D Code representations, a lot of data has to be collected to ensure the variance of the tests. This respository was
aiohttp with charset-normalizer Context aiohttp.TCPConnector(limit=16) alpine linux nginx 1.21 python 3.9 aiohttp dev-master chardet 4.0.0 (aiohttp-ch
PyAutoGUI PyAutoGUI is a cross-platform GUI automation Python module for human beings. Used to programmatically control the mouse & keyboard. pip inst
This is a pytest plugin, that enables you to test your code that relies on a running MongoDB database. It allows you to specify fixtures for MongoDB process and client.
aresponses an asyncio testing server for mocking external services Features Fast mocks using actual network connections allows mocking some types of n
django-test-plus Useful additions to Django's default TestCase from REVSYS Rationale Let's face it, writing tests isn't always fun. Part of the reason
Flask_Restful_SQLAlchemy_server User-interest mock backend server implemnted using flask restful, and SQLAlchemy ORM confiugred with sqlite. Backend b
mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the
About UUM Merit Form Filler UUM Merit Form Filler is a web automation which helps automate entering a matric number to the UUM system in order for par
pychoir - Python Test Matchers for humans Super duper low cognitive overhead matching for Python developers reading or writing tests. Implemented in p
4k Jan 05, 2023
1 Jan 03, 2022
3 Sep 01, 2022
25.7k Jan 04, 2023
6 Dec 19, 2022
1.7k Dec 24, 2022
7.7k Jan 07, 2023
1 Jan 18, 2022
502 Dec 30, 2022
8 May 10, 2022
160 Jul 25, 2022
2 Nov 30, 2022
7.5k Dec 31, 2022
19 Oct 21, 2022
93 Nov 16, 2022
546 Dec 22, 2022
1 Nov 17, 2022
29.7k Jan 02, 2023
3 May 31, 2022
15 Sep 14, 2022