module API_Fuzzer


Scans all the checks

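# Runs the static analysis and every check against the target described by
# +options+ and returns the aggregated findings.
#
# @param options [Hash] scan settings; the keys read directly here are :url
#   and :cookies (consumed by .static_analysis). Each check receives the whole
#   hash. A frozen copy is handed to the checks so none of them can mutate the
#   scan settings, while the caller's own hash is left untouched.
# @return [Array] findings from the static analysis and all checks, flattened
#   into one list with duplicate findings removed
def self.scan(options = {})
  # Freeze a copy instead of the caller's object: freezing the argument in
  # place was a side effect that broke callers reusing or updating their hash.
  options = options.dup.freeze

  checks = [
    API_Fuzzer::XssCheck,
    API_Fuzzer::SqlCheck,
    API_Fuzzer::SqlBlindCheck,
    API_Fuzzer::RedirectCheck,
    API_Fuzzer::IdorCheck,
    API_Fuzzer::RateLimitCheck,
    API_Fuzzer::CsrfCheck,
    API_Fuzzer::PrivilegeEscalationCheck,
    # Was invoked with its return value discarded; collected like the others
    # now. NOTE(review): confirm XxeCheck.scan returns a findings array the
    # way the other checks do.
    API_Fuzzer::XxeCheck
  ]

  vulnerabilities = [static_analysis(options)]
  checks.each { |check| vulnerabilities << check.scan(options) }

  # Flatten before uniq: the original ran uniq on the per-check arrays, so a
  # finding reported by two different checks was never de-duplicated.
  vulnerabilities.flatten.uniq
end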
# Issues a single request to the target and hands the response to the
# response-inspecting scanners.
#
# @param options [Hash] reads :url (the target) and :cookies (sent with the
#   request); any other keys are ignored here
# @return [Array] two entries, in order: the ResourceInfo result followed by
#   the HeaderInfo result (each being whatever that scanner returns)
def self.static_analysis(options = {})
  response = API_Fuzzer::Request.send_api_request(
    url: options[:url],
    cookies: options[:cookies]
  )

  [API_Fuzzer::ResourceInfo, API_Fuzzer::HeaderInfo].map do |inspector|
    inspector.scan(response)
  end
end