
Susanoo:

Susanoo is a REST API security testing framework. 

Features

  • Configurable input/output formats
  • API Vulnerability Scan: scanning engine that checks for IDOR, authentication issues, SQL injection and error stacks leaked in responses.
  • Smoke Scan: custom output checks for known proofs of concept (PoCs) can be configured to run daily.

Types of Scans:

* API Vulnerability Scan
	**  Scans for following bugs:
		***   Insecure Direct Object References (IDOR)
		***   Authentication issues
		***   SQL injections
		***   Error stacks

* Smoke Scan
	**  A known Proof-of-concept can be configured to run daily/weekly etc.

Configuration:

Susanoo takes YAML files for configuration. Please check the examples folder for sample configuration files.

Parameter Types:

	resource --> static
		Eg: In the following example the static value "p@ssw0rd" is used for the password parameter:

			password: {"type":"resource", "required":True, "value":"p@ssw0rd"}

	hex-n:
		Generates a hex string of length n.
			Eg: a hex value of length 16 is generated for id in the example below:

				id: {'type':'hex-16', 'required': True} 

	int-n:
		Generates an int of size n.
			Eg: an int value of size 4 is generated for bonus in the example below:
			
				bonus: {'type':'int-4', 'required':'True'}

	email:
		Generates a random email address.
			Eg: a random email address is generated and assigned to email_id:

				email_id: {"type":"email", "required":True}

	username:
		Generates a random username.
			Eg: a random username is generated and assigned to username:

				username: {"type":"username", "required":True}

	string:
		Generates random strings.
			Eg: a random string of variable length is generated for string:

				string: {"type":"string", "required":True}
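To make the parameter types above concrete, here is an added illustration (not Susanoo's own code) of how such specs can be turned into request values: a generator that understands resource, hex-n, int-n, email, username and string, plus a helper that assembles a request body and honours the required flag. The function names, the choice of "int-n" meaning an n-digit integer, the example.test mail domain and the tolerance for a string "True" (as in the int-4 example) are all assumptions made for this illustration.

```python
import random
import re
import secrets
import string

# Added illustration of Susanoo-style parameter specs; not the project's
# own implementation. Interpretation of "int-n" as an n-digit integer is
# an assumption.

_SIZED = re.compile(r"^(hex|int)-(\d+)$")


def _random_word(n):
    """Random lowercase alphanumeric string of length n (assumed helper)."""
    alphabet = string.ascii_lowercase + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(n))


def generate_value(spec):
    """Return a value for one spec such as {'type': 'hex-16', 'required': True}."""
    ptype = spec["type"]
    if ptype == "resource":
        # static value taken verbatim from the configuration
        return spec["value"]
    m = _SIZED.match(ptype)
    if m:
        kind, n = m.group(1), int(m.group(2))
        if n < 1:
            raise ValueError("size must be at least 1: %r" % ptype)
        if kind == "hex":
            # token_hex(k) yields 2k characters; trim for odd n
            return secrets.token_hex((n + 1) // 2)[:n]
        # int-n: n decimal digits, no leading zero (assumption)
        return random.randint(10 ** (n - 1), 10 ** n - 1)
    if ptype == "email":
        return "%s@example.test" % _random_word(10)  # reserved test domain
    if ptype == "username":
        return "user_" + _random_word(8)
    if ptype == "string":
        return _random_word(random.randint(1, 32))
    raise ValueError("unknown parameter type: %r" % ptype)


def is_required(spec):
    """Read the required flag, tolerating the string 'True' seen in some specs."""
    value = spec.get("required", False)
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return bool(value)


def build_request_body(params, include_optional=True):
    """Build a body dict from a mapping of parameter name -> spec.

    Required parameters are always filled in; optional ones only when
    include_optional is set, so a scan can send both the full body and
    the minimal one and compare the API's behaviour.
    """
    body = {}
    for name, spec in params.items():
        if is_required(spec) or include_optional:
            body[name] = generate_value(spec)
    return body


if __name__ == "__main__":
    # constructed sample mirroring the README's parameter examples
    sample = {
        "password": {"type": "resource", "required": True, "value": "p@ssw0rd"},
        "id": {"type": "hex-16", "required": True},
        "bonus": {"type": "int-4", "required": "True"},
        "email_id": {"type": "email", "required": True},
        "username": {"type": "username", "required": True},
        "note": {"type": "string"},
    }
    print(build_request_body(sample))
    print(build_request_body(sample, include_optional=False))
```

Generating a required-only body alongside the full one is useful for the authentication and IDOR checks listed above: the same endpoint can be exercised with and without optional parameters and the responses compared.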

Donation:

If you like the project, you can buy me beers :)

Donate Bitcoin

Installation:

^^/D/projects >>> git clone https://github.com/ant4g0nist/susanoo
^^/D/projects >>> cd susanoo
^^/D/p/susanoo >>> sudo pip install -r requirements.txt

Usage:

^^/D/p/susanoo >>> cd db
^^/D/p/s/db >>> sudo mongod --dbpath . --bind_ip=127.0.0.1	

^^/D/p/susanoo >>> python susanoo.py

TODO:

  • Use celery/scheduler to schedule the scans
  • Chain APIs together: pick up a value from one API response and use it in another request
  • Add more vulnerability checks
  • Make it more reliable
  • Parallelize scans using Celery
  • Add better reporting

Thanks:
