OWASP OFFAT

OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from openapi specification file. It provides feature to automatically fuzz inputs and use user provided inputs during tests specified via YAML config file.

Demo

Security Checks

Restricted HTTP Methods
SQLi
BOLA
Data Exposure
BOPLA / Mass Assignment
Broken Access Control
Basic Command Injection
Basic XSS/HTML Injection test

Features

Few Security Checks from OWASP API Top 10
Automated Testing
User Config Based Testing
API for Automating tests and Integrating Tool with other platforms/tools
CLI tool
Dockerized Project for Easy Usage
Open Source Tool with MIT License

Try Tool

Install Tool using pip

python -m pip install offat

Run Tool

offat -f swagger_file.json

For more usage options read README.md

Name		Name	Last commit message	Last commit date
Latest commit History 78 Commits
.github/workflows		.github/workflows
assets/images		assets/images
src		src
.gitignore		.gitignore
404.html		404.html
CONTRIBUTING.md		CONTRIBUTING.md
Gemfile		Gemfile
LICENSE.md		LICENSE.md
README.md		README.md
SECURITY.md		SECURITY.md
_config.yml		_config.yml
index.md		index.md
info.md		info.md
leaders.md		leaders.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Repository files navigation

OWASP OFFAT

Demo

Security Checks

Features

Try Tool

About

Uh oh!

Releases

Packages

Uh oh!

Languages

License

JMI-17/OFAPITEST

Folders and files

Latest commit

History

Repository files navigation

OWASP OFFAT

Demo

Security Checks

Features

Try Tool

About

Resources

License

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Languages

Packages