在测试中偶尔会碰到swagger泄露 常见的泄露如图: 
有的泄露接口特别多,每一个都手动去试根本试不过来 于是用python写了个脚本自动爬取所有接口,配置好传参发包访问
原理是首先抓取http://url/swagger-resources 获取到有哪些标准及对应的文档地址 而后对每个标准下的接口文档进行解析,构造请求包,获取响应
尽量考虑到了所有可能的传参格式,实际测试只有少数几个会500或400响应需要手动修改一下,其余都是401或者200 200就是未授权访问接口了,可以进一步做其他诸如sqli等测试 运行时如图: 
所有测试结果都存储在csv中: 
欢迎大家关注稻草人安全团队,后续有更多技术文章、工具分享等 
hyppo (HYPothesis Testing in PythOn, pronounced "Hippo") is an open-source software package for multivariate hypothesis testing.
FauxFactory FauxFactory generates random data for your automated tests easily! There are times when you're writing tests for your application when you
pytest-pikachu pytest-pikachu prints ascii art of Surprised Pikachu when all tests pass. Installation $ pip install pytest-pikachu Usage Pass the --p
A suite of benchmarks for CPU and GPU performance of the most popular high-performance libraries for Python :rocket:
tox automation project Command line driven CI frontend and development task automation tool At its core tox provides a convenient way to run arbitrary
SAT Benchmarking Some early work in progress tooling for running benchmarks and keeping track of the results when working on SAT solvers and related t
Proxmox PCI Switcher Switch among Guest VMs organized by Resource Pool. main features: ONE GPU card, N OS (at once) Guest VM command client Handler po
Testing Calculations in Python, using OOP (Object-Oriented Programming) Create environment with venv python3 -m venv venv Activate environment . venv
Ducksploit Install Ducksploit Hacker setup raspberry pico Download https://githu
pytest-lazy-fixture Use your fixtures in @pytest.mark.parametrize. Installation pip install pytest-lazy-fixture Usage import pytest @pytest.fixture(p
PyBuster A directory busting tool for web application penetration tester, written in python. Supports custom wordlist,recursive search. Screenshots Pr
Doggo Browser Quick Start $ python3 -m venv ./venv/ $ source ./venv/bin/activate $ pip3 install -r requirements.txt $ ./sobaki.py References Heavily I
pytest-typechecker this is a plugin for pytest that allows you to create tests t
Simple Selenium The aim of this package is to quickly get started with working with selenium for simple browser automation tasks. Installation Install
aiounittest Info The aiounittest is a helper library to ease of your pain (and boilerplate), when writing a test of the asynchronous code (asyncio). Y
show python coverage information directly in emacs
Connexion Faker Get Started Install With poetry: poetry add connexion-faker # a
Get Started Insert C++ Codes Add Test Code Run Test Samples Check Coverages Insert C++ Codes you can easily add c++ files in /inputs directory there i
Async-Animanga An Async/Aiohttp compatible library. Async-Animanga is an async ready web scraping library that returns Manga information from animepla
splinter - python tool for testing web applications splinter is an open source tool for testing web applications using Python. It lets you automate br
137 Dec 18, 2022
37 Sep 23, 2022
13 Apr 15, 2022
255 Jan 04, 2023
3.1k Jan 04, 2023
1 Dec 26, 2021
111 Dec 27, 2022
1 Nov 11, 2021
2 Jan 31, 2022
299 Dec 24, 2022
4 Jan 30, 2022
9 Dec 12, 2022
2 Aug 20, 2022
1 Oct 27, 2021
55 Oct 30, 2022
30 Oct 26, 2022
6 Dec 19, 2022
2 Aug 03, 2022
3 Sep 22, 2022
2.6k Dec 27, 2022