在测试中偶尔会碰到swagger泄露 常见的泄露如图: 
有的泄露接口特别多,每一个都手动去试根本试不过来 于是用python写了个脚本自动爬取所有接口,配置好传参发包访问
原理是首先抓取http://url/swagger-resources 获取到有哪些标准及对应的文档地址 而后对每个标准下的接口文档进行解析,构造请求包,获取响应
尽量考虑到了所有可能的传参格式,实际测试只有少数几个会500或400响应需要手动修改一下,其余都是401或者200 200就是未授权访问接口了,可以进一步做其他诸如sqli等测试 运行时如图: 
所有测试结果都存储在csv中: 
欢迎大家关注稻草人安全团队,后续有更多技术文章、工具分享等 
Tamil Nadu Chief Minister's Relief Fund Donors Scrapped data from https://ereceipt.tn.gov.in/cmprf/Interface/CMPRF/MonthWiseReport Scrapper scrapper.p
A goody-bag of nifty plugins for pytest OS Build Coverage Plugin Description Supported OS pytest-server-fixtures Extensible server-running framework w
Nox - Flexible test automation for Python nox is a command-line tool that automates testing in multiple Python environments, similar to tox. Unlike to
github-follow-unfollow-bot This is a Python script for Github Bot which uses Selenium to Automate things. Pre-requisites :- Python A Github Account Re
Front End Test Automation Framework with Pytest Installation and running instructions: 1. To install the framework on your local machine: clone the re
BulldozerType This is a bot that can type without any assistance and have incredible speed. This bot currently only works on the site https://onlinety
BDD library for the py.test runner pytest-bdd implements a subset of the Gherkin language to enable automating project requirements testing and to fac
pytest-html pytest-html is a plugin for pytest that generates a HTML report for test results. Resources Documentation Release Notes Issue Tracker Code
Web Scraping with Python and Selenium The code shows how to do web scraping using Python and Selenium. We use as data the https://sbot.org.br/localize
nornir-scrapli-eos-lab Network automation lab using nornir, scrapli, and containerlab with Arista EOS. Objectives Deploy base configs to 4xArista devi
DRF OpenAPI Tester This is a test utility to validate DRF Test Responses against OpenAPI 2 and 3 schema. It has built-in support for: OpenAPI 2/3 yaml
Ducksploit Install Ducksploit Hacker setup raspberry pico Download https://githu
assertpy Simple assertions library for unit testing in Python with a nice fluent API. Supports both Python 2 and 3. Usage Just import the assert_that
PwnLnX An advanced multi-threaded, multi-client python reverse shell for hacking linux systems. There's still more work to do so feel free to help out
Webdriver Automation Plus ===================================== Description: Tests the user can save messages then find them in search and Saved items
🦾 Automation of NU Health Management System 🤖 長崎大学 健康管理システムの自動化 🏯 Usage / 使い方
Divide Et Impera And Scan (and also merge the scan results) DivideAndScan is used to efficiently automate port scanning routine by splitting it into 3
reCaptchaBypasser ' Usage : from selenium import webdriver from reCaptchaBypasser import reCaptchaScraper import time driver = webdriver.chrome(execu
aioresponses Aioresponses is a helper to mock/fake web requests in python aiohttp package. For requests module there are a lot of packages that help u
FreezeGun: Let your Python tests travel through time FreezeGun is a library that allows your Python tests to travel through time by mocking the dateti
5 May 18, 2021
492 Jan 03, 2023
941 Jan 03, 2023
10 Jul 01, 2022
2 Jun 17, 2022
1 Jan 03, 2022
1.1k Jan 09, 2023
1 Dec 01, 2021
13 Jul 07, 2022
103 Dec 21, 2022
2 Jan 31, 2022
19 Sep 10, 2022
212 Dec 24, 2022
1 Nov 08, 2021
3 Mar 04, 2022
226 Dec 30, 2022
8 Dec 17, 2022
402 Jan 06, 2023
3.5k Dec 29, 2022