module API_Fuzzer
Public Class Methods
scan(options = {})
Runs all of the checks against the target and returns the collected findings.
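# File lib/API_Fuzzer.rb, line 18
# Runs the static analysis and every dynamic check against the target described
# by +options+ and returns their combined findings.
#
# @param options [Hash] scan settings; +:url+ and +:cookies+ are read by
#   +static_analysis+, the remaining keys are passed through to each check.
#   The hash is frozen in place so that no check can alter it for the ones
#   that run after it (this also freezes the caller's hash).
# @return [Array] flattened, de-duplicated findings from all checks
def self.scan(options = {})
  options.freeze
  checks = [
    API_Fuzzer::XssCheck,
    API_Fuzzer::SqlCheck,
    API_Fuzzer::SqlBlindCheck,
    API_Fuzzer::RedirectCheck,
    API_Fuzzer::IdorCheck,
    API_Fuzzer::RateLimitCheck,
    API_Fuzzer::CsrfCheck,
    API_Fuzzer::PrivilegeEscalationCheck,
    # XxeCheck is part of the list so its findings are kept like the others'
    # rather than being run and then dropped.
    API_Fuzzer::XxeCheck
  ]
  vulnerabilities = [static_analysis(options)]
  checks.each { |check| vulnerabilities << check.scan(options) }
  # Flatten before uniq: each check returns its own array, so de-duplicating
  # first would only remove identical per-check arrays, not repeated findings.
  vulnerabilities.flatten.uniq
end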
static_analysis(options = {})
# File lib/API_Fuzzer.rb, line 35
# Fetches the target once and runs the passive (request-free) analyses on the
# response.
#
# @param options [Hash] only +:url+ and +:cookies+ are read; both may be +nil+
# @return [Array] a two-element array holding the ResourceInfo findings
#   followed by the HeaderInfo findings
def self.static_analysis(options = {})
  response = API_Fuzzer::Request.send_api_request(url: options[:url], cookies: options[:cookies])
  passive_scanners = [API_Fuzzer::ResourceInfo, API_Fuzzer::HeaderInfo]
  # One shared response: neither scanner issues further requests here.
  passive_scanners.map { |scanner| scanner.scan(response) }
end