Skip to content

Commit adb72e1

Browse files
lalithr95lalithr95
authored
Update documentation
1 parent 26f67cb commit adb72e1

File tree

1 file changed

+53
-4
lines changed

1 file changed

+53
-4
lines changed

README.md

Lines changed: 53 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,17 @@
11
# APIFuzzer
22

3-
Welcome to your new gem! In this directory, you'll find the files you need to be able to package up your Ruby library into a gem. Put your Ruby code in the file `lib/API_Fuzzer`. To experiment with that code, run `bin/console` for an interactive prompt.
4-
5-
TODO: Delete this and the text above, and describe your gem
3+
`API_Fuzzer` gem accepts a API request as input and returns vulnerabilities possible in the API. Following are the main check involved in API_Fuzzer gem
4+
5+
- Cross-site scripting vulnerability
6+
- SQL injection
7+
- Blind SQL injection
8+
- XML External entity vulnerability
9+
- IDOR (in specific cases)
10+
- API Rate Limiting
11+
- Open redirect vulnerabilities
12+
- Information Disclosure flaws
13+
- Info leakage through headers
14+
- Cross-site request forgery vulnerability
615

716
## Installation
817

@@ -22,14 +31,54 @@ Or install it yourself as:
2231

2332
## Usage
2433

25-
TODO: Write usage instructions here
34+
Run `bin/console`
35+
36+
Lets say you have following endpoint
37+
38+
```
39+
POST /api/v2/credit_cards/123
40+
41+
Host: test.host.com
42+
User-Agent: Mozilla Firefox
43+
Auth: Basic Adnjefnef443nr4jh4h
44+
{ credit_card: '4242424242424242', expiry: '07/17', cvv: '123', name: 'First name' }
45+
```
46+
47+
API_Fuzzer module comes with static method `scan` and accepts above request
48+
```ruby
49+
require 'API_Fuzzer'
50+
51+
options = {
52+
url: 'http://test.host.com/api/v2/credit_cards/123',
53+
params: {
54+
credit_card: '4242424242424242',
55+
expiry: '07/17',
56+
cvv: '123',
57+
name: 'First name'
58+
},
59+
method: ['POST'],
60+
headers: {
61+
'Host' => 'test.host.com',
62+
'User-Agent' => 'Mozilla Firefox',
63+
'Auth' => 'Basic Adnjefnef443nr4jh4h'
64+
}
65+
}
66+
vulnerabilities = API_Fuzzer.scan(options)
67+
```
68+
`vulnerabilites` is an array of vulnerability, each distinguished with impact type, title and description.
69+
70+
71+
Above Ruby code can be painful for writing ruby script for each request. [Fuzzapi](https://github.com/lalithr95/Fuzzapi) is a rails application which integrates and bundles API_Fuzzer and brings UI changes to easily scan API endpoints.
2672

2773
## Development
2874

2975
After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
3076

3177
To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and tags, and push the `.gem` file to [rubygems.org](https://rubygems.org).
3278

79+
If you have any issue, we would be happy to help. You can create an issue in repository or contact any of following twitter handles
80+
@abhijeth, @srini0x00, @lalithr95
81+
3382
## Contributing
3483

3584
Bug reports and pull requests are welcome on GitHub at https://github.com/[USERNAME]/API_Fuzzer. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.

0 commit comments

Comments
 (0)