Python
  • Blog
  • Contact
    • Overview
    Issues 0

    A REST API security testing framework.

    ant4g0nist ant4g0nist Last update: Jan 25, 2024

    Susanoo:

    Susanoo is a REST API security testing framework.

    Features

    • Configurable inputs/outputs formats
    • API Vulnerability Scan: Normal scanning engine that scans for IDOR, Authentication issues, SQL injections, Error stacks.
    • Smoke Scan: Custom output checks for known pocs can be configured to run daily.

    Types of Scans:

    * API Vulnerability Scan
	**  Scans for following bugs:
		***   Indirect Object References
		***   Authentication issues
		***   SQL injections
		***   Error stacks

* Smoke Scan
	**  A known Proof-of-concept can be configured to run daily/weekly etc.

    Configuration:

    Susanoo takes yaml files in configuration. Please check the examples folder for sample configuration files.

    Parameter Types:

    	resource --> static
		Eg: In the following example the value "password" is used for grant_type:

			password: {"type":"resource", "required":True, "value":"p@ssw0rd"}

	hex-n:
		Generate hex of length n.
			Eg: a hex value of length 16 is generated for uniqueId in below example:

				id: {'type':'hex-16', 'required': True} 

	int-n:
		Generates int of size n
			Eg: a int value of size 4 is generated for uniqueId in below example:
			
				bonus: {'type':'int-4', 'required':'True'}

	email:
		Generates random email id
			Eg: a random email id is generated and assigned for email_id

				email_id: {"type":"email", "required":True}

	username:
		Generates random username
			Eg: a random username is generated and assigned for username

				username: {"type":"username", "required":True}

	string:
		Generates random strings
			Eg: generates random strings of variable length.

				string: {"type":"string", "required":True}

    Donation:

    If you like the project, you can buy me beers :)

    Donate Bitcoin

    Installation:

    ^^/D/projects >>> git clone https://github.com/ant4g0nist/susanoo
^^/D/projects >>> cd susanoo
^^/D/p/susanoo >>> sudo pip install -r requirements.txt

    Usage:

    ^^/D/p/susanoo >>> cd db
^^/D/p/s/db >>> sudo mongod --dbpath . --bind_ip=127.0.0.1	

^^/D/p/susanoo >>> python susanoo.py

    TODO:

    • Use celery/scheduler to schedule the scans
    • Chain apis together? pickup value from one api and use in another
    • Add more vulnerability checks
    • Make it more reliable
    • Parallelize scans using Celery
    • Add better reporting

    Thanks:

    Tags:

    Owner

    ant4g0nist

    ant4g0nist
    GitHub Repository https://github.com/ant4g0nist
    DRF-like declarative viewsets for FastAPI

    Core functionality only (basic viewsets & schema classes): Database tools: Let's create a viewset for managing content posts. It will provide full kit of actions with simple mock data: Pseudocode…

    tinkoffjournal
    67 Nov 17, 2023
    Python ticketing utility for working with tickets in popular tools

    ticketutil is a Python module that allows you to easily interact with various ticketing tools using their REST APIs. Currently, the supported tools are JIRA, RT, Redmine, Bugzilla, and ServiceNow. Al…

    dmranck
    64 May 01, 2024
    HUB REST API Python bindings

    The hub-rest-api-python provides Python bindings for Hub REST API. Introducing the new Client class. In order to provide a more robust long-term connection, faster performance, and an overall better …

    blackducksoftware
    84 Apr 30, 2024
    :evergreen_tree: Python module for communicating with the Taiga API

    Warning

    nephila
    92 Apr 08, 2024
    IDEX v3 Exchange REST API python implementation

    The examples above use the wallet private key when creating the Client to specify which wallet to interact with. IDEX v3 supports the Mumbai testnet as a sandbox to test functionality. For other toke…

    sammchardy
    92 Jan 19, 2024
    Serving a keras model (neural networks) in a website with the python Django-REST framework.
    marcogdepinto
    94 Apr 24, 2024
    Python library to interface with Gerrit's REST API

    Pygerrit2 is tested on the following platforms and Python versions: Support for Python 2.x is no longer guaranteed. To install pygerrit2, simply: This simple example shows how to get the user's open …

    dpursehouse
    95 Apr 12, 2024
    Code repository for Building RESTful Python Web Services, published by Packt

    All of the code is organized into folders. Each folder starts with a number followed by the application name. For example, Chapter02. The code will look like the following: In order to work with the …

    PacktPublishing
    116 Mar 25, 2023
    ⛔️ [DEPRECATED] python wrapper for Firebase's REST API

    A very simple wrapper for Firebase's REST API. Install python-firebase using pip: or with easy_install (not recommended): Then simply import firebase at the top of your python script: and then instan…

    mikexstudios
    118 Sep 14, 2023
    Quickly turn command-line applications into RESTful webservices with a web-application front-end. You provide a specification of your command line application, its input, output and parameters, and CLAM wraps around your application to form a fully fledged RESTful webservice.

    CLAM allows you to quickly and transparently transform your Natural Language Processing application into a RESTful webservice, with which both human end-users as well as automated clients can interac…

    proycon
    129 Mar 09, 2024

    Subscribe to our newsletter