在测试中偶尔会碰到swagger泄露 常见的泄露如图: 
有的泄露接口特别多,每一个都手动去试根本试不过来 于是用python写了个脚本自动爬取所有接口,配置好传参发包访问
原理是首先抓取http://url/swagger-resources 获取到有哪些标准及对应的文档地址 而后对每个标准下的接口文档进行解析,构造请求包,获取响应
尽量考虑到了所有可能的传参格式,实际测试只有少数几个会500或400响应需要手动修改一下,其余都是401或者200 200就是未授权访问接口了,可以进一步做其他诸如sqli等测试 运行时如图: 
所有测试结果都存储在csv中: 
欢迎大家关注稻草人安全团队,后续有更多技术文章、工具分享等 
django-test-migrations Features Allows to test django schema and data migrations Allows to test both forward and rollback migrations Allows to test th
Git Autofetch Git Autofetch is a simple software for fetching new changes from a repo to local repositories after a set time interval. This program is
DRF OpenAPI Tester This is a test utility to validate DRF Test Responses against OpenAPI 2 and 3 schema. It has built-in support for: OpenAPI 2/3 yaml
Automação de Processo: Código para acompanhar o valor de algumas ações na B3. O código entra no Google Drive, puxa os valores das ações (pré estabelec
rollup node experiments Test scripts etc. for experimental rollup testing. untested, work in progress python -m venv venv source venv/bin/activate #
Show, Edit and Tell: A Framework for Editing Image Captions | arXiv This contains the source code for Show, Edit and Tell: A Framework for Editing Ima
VOLTS Voip Open Linear Tester Suite Functional tests for VoIP systems based on voip_patrol and docker 10'000 ft. view System is designed to run simple
0hh1 - Solver Aims to solve the '0hh1 puzzle' for all the sizes (4x4, 6x6, 8x8, 10x10 12x12). for both the web version (using selenium) and on android
pytest-elasticsearch What is this? This is a pytest plugin that enables you to test your code that relies on a running Elasticsearch search engine. It
hyppo (HYPothesis Testing in PythOn, pronounced "Hippo") is an open-source software package for multivariate hypothesis testing.
AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.
Automatic test case generation for python and static analysis library
pytest-ansible-units An experimental pytest plugin to run an ansible collection's unit tests with pytest. Description pytest-ansible-units is a pytest
Descriptor Vector Exchange This repo provides code for learning dense landmarks without supervision. Our approach is described in the ICCV 2019 paper
Google-Hacking-Crawler 该脚本可输入Google Hacking语句,自动调用Chrome浏览器爬取结果 环境配置 python -m pip install -r requirements.txt 下载Chrome浏览器
Sixpack Sixpack is a framework to enable A/B testing across multiple programming languages. It does this by exposing a simple API for client libraries
INDXRipper Find index entries in $INDEX_ALLOCATION attributes Timeline created using mactime.pl on the combined output of INDXRipper and fls. See: sle
WomboAI Art Generator Automate AI art generation using wombot.art. Also integrated into SnailBot for you to try out. Setup Install Python Go to the py
api-testing-requests-pytest Install Make sure you have Python 3 installed on your machine. Then: 1.Install pipenv sudo apt-get install pipenv 2.Go to
pytest-sugar pytest-sugar is a plugin for pytest that shows failures and errors instantly and shows a progress bar. Requirements You will need the fol
382 Dec 27, 2022
10 Jul 21, 2022
103 Dec 21, 2022
1 Jan 08, 2022
14 Jan 25, 2022
76 Nov 25, 2022
17 Dec 30, 2022
1 Nov 05, 2021
65 Nov 10, 2022
137 Dec 18, 2022
6 Jan 28, 2022
253 Dec 21, 2022
9 Dec 09, 2022
74 Nov 29, 2022
4 Jun 21, 2022
1.7k Dec 24, 2022
32 Nov 05, 2022
7 Dec 03, 2022
2 Nov 21, 2021
963 Dec 28, 2022