RhinoSecurityLabs/Swagger-EZ
Swagger-EZ

A tool geared towards pentesting APIs using OpenAPI definitions.

We have a version hosted here: https://rhinosecuritylabs.github.io/Swagger-EZ/

Blog post: https://rhinosecuritylabs.com/application-security/simplifying-api-pentesting-swagger-files/

Setup

git clone https://github.com/RhinoSecurityLabs/Swagger-EZ.git

Open index.html in your browser.

Usage

Once the UI is loaded in the browser, we suggest pressing F12 to open the browser console so you can watch for errors.

Configure your browser to use the proxy tool you want, e.g. Burp Suite.

Now enter the URL of the Swagger 2.0 JSON definition, or paste the entire Swagger 2.0 JSON blob into the input field.

Pressing Load will parse the JSON and render input fields for the parameters that need to be filled out.

Fill out each parameter with some data and, when ready, press Send.

You should see the site tree of your proxy filling up.

Demo
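The Load and Send steps above come down to two operations on the definition: walk every path/method pair to find the parameters that need values, then substitute the values into a concrete request. The following is an added example, not code from Swagger-EZ, that does both for a constructed Swagger 2.0 document (host, paths and operationIds are all made up for illustration). It also handles the path-level parameter inheritance that Swagger 2.0 allows and refuses to build a request while a required parameter is still empty.

```javascript
// Added example (not from the Swagger-EZ project): enumerate the operations
// and parameters a Swagger 2.0 definition declares, and build the request
// each one would need. The definition below is constructed for illustration.
const sampleSwagger = {
  swagger: "2.0",
  host: "api.example.test",
  basePath: "/v1",
  schemes: ["https"],
  paths: {
    "/users/{id}": {
      // path-level parameter: shared by every operation under this path
      parameters: [{ name: "id", in: "path", required: true, type: "integer" }],
      get: {
        operationId: "getUser",
        parameters: [{ name: "verbose", in: "query", required: false, type: "boolean" }],
      },
      delete: {
        operationId: "deleteUser",
        parameters: [{ name: "X-Confirm", in: "header", required: true, type: "string" }],
      },
    },
    "/users": {
      post: {
        operationId: "createUser",
        parameters: [{ name: "body", in: "body", required: true, schema: { type: "object" } }],
      },
    },
  },
};

const HTTP_METHODS = ["get", "put", "post", "delete", "options", "head", "patch"];

// Swagger 2.0 lets a path item declare parameters shared by all its operations;
// an operation-level parameter with the same name and location overrides it.
function mergeParameters(pathLevel, opLevel) {
  const key = (p) => `${p.in}:${p.name}`;
  const merged = new Map((pathLevel || []).map((p) => [key(p), p]));
  for (const p of opLevel || []) merged.set(key(p), p);
  return [...merged.values()];
}

// Walk every path/method pair and return one entry per operation listing
// the parameters a tester would have to fill in before sending.
function listOperations(doc) {
  const ops = [];
  for (const [path, item] of Object.entries(doc.paths || {})) {
    for (const method of HTTP_METHODS) {
      if (!item[method]) continue;
      ops.push({
        method: method.toUpperCase(),
        path,
        operationId: item[method].operationId,
        parameters: mergeParameters(item.parameters, item[method].parameters),
      });
    }
  }
  return ops;
}

// Given an operation and a map of user-supplied values, build the concrete
// request: fill the path template, collect query/header values, attach the body.
// Throws if a required parameter is empty, which is the check behind the
// "fill out each parameter" step in the UI.
function buildRequest(doc, op, values) {
  const scheme = (doc.schemes && doc.schemes[0]) || "https";
  let path = op.path;
  const query = new URLSearchParams();
  const headers = {};
  let body;
  for (const p of op.parameters) {
    const v = values[p.name];
    if (v === undefined || v === "") {
      if (p.required) throw new Error(`missing required ${p.in} parameter: ${p.name}`);
      continue;
    }
    if (p.in === "path") path = path.replace(`{${p.name}}`, encodeURIComponent(String(v)));
    else if (p.in === "query") query.set(p.name, String(v));
    else if (p.in === "header") headers[p.name] = String(v);
    else if (p.in === "body") body = JSON.stringify(v);
  }
  const qs = query.toString();
  const url = `${scheme}://${doc.host}${doc.basePath || ""}${path}${qs ? "?" + qs : ""}`;
  return { method: op.method, url, headers, body };
}

// Usage: const ops = listOperations(sampleSwagger);
//        buildRequest(sampleSwagger, ops[0], { id: 42, verbose: true });
```

The merge step matters in practice: definitions that put `id` or an auth header at path level would otherwise show up with no input field, and the request would go out with the `{id}` template unfilled. Keeping the required-parameter check in `buildRequest` rather than in the UI means a missing value is caught before anything reaches the proxy.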
