sj

command module
v0.0.0-...-e9e2857 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 18, 2023 License: MIT Imports: 1 Imported by: 0

README

sj (Swagger Jacker)

sj is a command line tool designed to assist with auditing of exposed Swagger/OpenAPI definition files by checking the associated API endpoints for weak authentication. It also provides command templates for manual vulnerability testing.

It does this by parsing the definition file for paths, parameters, and accepted methods before using the results with one of three commands:

  • automate - Crafts a series of requests and analyzes the status code of the response.
  • prepare - Generates a list of commands to use for manual testing.
  • endpoints - Generates a list of raw API routes. Path values will not be replaced with test data.

Build

To compile from source, ensure you have Go version >= 1.20 installed and run go build from within the repository:

$ git clone https://github.com/BishopFox/sj.git
$ cd sj/
$ go build .

Install

To install the latest version of the tool, run:

$ go install github.com/BishopFox/sj@latest

Usage

Use the automate command to send a series of requests to each defined endpoint and analyze the status code of each response.

Automate Command

Use the prepare command to prepare a list of curl commands for manual testing. You will likely have to modify these slightly.

Prepare Command

Use the endpoints command to generate a list of raw endpoints from the provided definition file.

Endpoints Command

Help

A full list of commands can be found by using the --help flag:

Help Command

Documentation

The Go Gopher

There is no documentation for this package.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.