Repository files navigation

VulnAPI is an Open-Source DAST designed to help you scan your APIs for common security vulnerabilities and weaknesses.

By using this tool, you can detect and mitigate security vulnerabilities in your APIs before they are exploited by attackers.

Before making your first scan with VulnAPI, you have to download and install it. Please follow the instructions on theInstallation documentation page.

Before scanning, you can discover target API useful information by using thediscover command.

The Vulnerability Scanner CLI offers two methods for scanning APIs:

• Using Curl-like CLI: This method involves directly invoking the CLI with parameters resembling curl commands.
• Using OpenAPI Contracts: This method utilizes OpenAPI contracts to specify API endpoints for scanning.

To discover target API useful information, leaked files and well-known path execute the following command:

vulnapi discover api [API_URL]

Example output:

|     TYPE|                     URL||---------------|---------------------------------------------|| OpenAPI| http://localhost:5000/openapi.json|| GraphQL| http://localhost:5000/graphql|| Well-Known| http://localhost:8080/.well-known/jwks.json|| Exposed Files| http://localhost:8080/.env.dev|| TECHNOLOGIE/SERVICE|     VALUE||---------------------|---------------|| Framework| Flask:2.2.3|| Language| Python:3.7.17|| Server| Flask:2.2.3|

To perform a scan using the Curl-like CLI, execute the following command:

vulnapi scan curl [API_URL] [CURL_OPTIONS]

Replace[API_URL] with the URL of the API to scan, and[CURL_OPTIONS] with any additional curl options you wish to include.

Example:

vulnapi scan curl -X POST https://vulnapi.cerberauth.com/vulnerable/api -H"Authorization: Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJzdWIiOiIxMjM0NTY3ODkwIiwiaWF0IjoxNTE2MjM5MDIyfQ."

To perform a scan using OpenAPI contracts, execute the following command:

echo"[JWT_TOKEN]"| vulnapi scan openapi [PATH_OR_URL_TO_OPENAPI_FILE]

Replace [PATH_OR_URL_TO_OPENAPI_FILE] with the path or the URL to the OpenAPI contract JSON file and [JWT_TOKEN] with the JWT token to use for authentication.

Example:

vulnapi scan openapi https://vulnapi.cerberauth.com/vulnerable/.well-known/openapi.json

The CLI provides detailed reports on any vulnerabilities detected during the scan. Below is an example of the output format:

Advice: There are some low-risk issues. It's advised to take a look.

In this example, each line represents a detected vulnerability, severity level (critical), vulnerability type, affected operation (GEThttp://localhost:8080/), and a description of the vulnerability.

All the vulnerabilities detected by the project are listed at this URL:API Vulnerabilities Detected.

More vulnerabilities and best practices will be added in future releases. If you have any suggestions or requests for additional vulnerabilities or best practices to be included, please feel free to open an issue or submit a pull request.

The scanner supports proxy configurations for scanning APIs behind a proxy server. To use a proxy, set theHTTP_PROXY orHTTPS_PROXY environment variables with the proxy URL.

A command arg--proxy is also available to specify the proxy URL.

The VulnAPI may support additional options for customizing scans or output formatting. Runvulnapi -h orvulnapi help command to view available options and their descriptions.

The scanner collects anonymous usage data to help improve the tool. This data includes the number of scans performed, number of detected vulnerabilities, and the severity of vulnerabilities. No sensitive information is collected. You can opt-out of telemetry by passing the--sqa-opt-out flag.

To view the complete CLI help, execute the following command:

vulnapi -h

Here is the output of the help command:

vulnapiUsage:  vulnapi [command]Available Commands:  completion  Generate the autocompletion scriptfor the specified shellhelp        Help about anycommand  jwt         Generate JWT tokens  scan        API Scan  serve       Start the serverFlags:  -h, --helphelpfor vulnapi      --sqa-opt-out   Opt out of sending anonymous usage statistics and crash reports tohelp improve the toolUse"vulnapi [command] --help"for more information about a command.

This scanner is provided for educational and informational purposes only. It should not be used for malicious purposes or to attack any system without proper authorization. Always respect the security and privacy of others.

This project used the following open-source libraries:

• SecLists
• projectdiscovery/wappalyzergo

This repository is licensed under theMIT License @CerberAuth. You are free to use, modify, and distribute the contents of this repository for educational and testing purposes.