{"id":13765084,"url":"https://github.com/KissPeter/APIFuzzer","last_synced_at":"2025-05-10T20:31:39.342Z","repository":{"id":39542570,"uuid":"116009897","full_name":"KissPeter/APIFuzzer","owner":"KissPeter","description":"Fuzz test your application using your OpenAPI or Swagger API definition without coding","archived":false,"fork":false,"pushed_at":"2025-03-06T03:26:12.000Z","size":359,"stargazers_count":442,"open_issues_count":8,"forks_count":69,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-20T08:50:07.812Z","etag":null,"topics":["api-blueprint","fuzz","fuzzer","openapi","python3","swagger"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/KissPeter.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-01-02T11:49:13.000Z","updated_at":"2025-03-13T06:11:41.000Z","dependencies_parsed_at":"2024-07-16T14:22:57.977Z","dependency_job_id":null,"html_url":"https://github.com/KissPeter/APIFuzzer","commit_stats":{"total_commits":303,"total_committers":14,"mean_commits":"21.642857142857142","dds":"0.35973597359735976","last_synced_commit":"923f988ae5661679377166f7f1204e8c6ad2c1a4"},"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KissPeter%2FAPIFuzzer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KissPeter%2FAPIFuzzer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KissPeter%2FAPIFuzzer/rel
eases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/KissPeter%2FAPIFuzzer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/KissPeter","download_url":"https://codeload.github.com/KissPeter/APIFuzzer/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253480502,"owners_count":21915248,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-blueprint","fuzz","fuzzer","openapi","python3","swagger"],"created_at":"2024-08-03T16:00:33.716Z","updated_at":"2025-05-10T20:31:35.550Z","avatar_url":"https://github.com/KissPeter.png","language":"Python","funding_links":[],"categories":["Tools","Python"],"sub_categories":[],"readme":"[![Join the chat at https://gitter.im/API-Fuzzer/Lobby](https://badges.gitter.im/API-Fuzzer/Lobby.svg)](https://gitter.im/API-Fuzzer/Lobby?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge)\n[![Test Coverage](https://api.codeclimate.com/v1/badges/bfc9bda00deb5002b665/test_coverage)](https://codeclimate.com/github/KissPeter/APIFuzzer/test_coverage)\n[![Codacy Badge](https://api.codacy.com/project/badge/Grade/eab6434d9bd742e3880d8f589a9cc0a6)](https://www.codacy.com/app/KissPeter/APIFuzzer?utm_source=github.com\u0026utm_medium=referral\u0026utm_content=KissPeter/APIFuzzer\u0026utm_campaign=badger)\n[![Maintainability](https://api.codeclimate.com/v1/badges/bfc9bda00deb5002b665/maintainability)](https://codeclimate.com/github/KissPeter/APIFuzzer/maintainability)\n[![Pypi 
downloads](https://img.shields.io/pypi/dw/APIFuzzer)](https://pypistats.org/packages/apifuzzer)\n[![CI](https://github.com/KissPeter/APIFuzzer/actions/workflows/python-app.yml/badge.svg)](https://github.com/KissPeter/APIFuzzer/actions)\n\n# APIFuzzer — HTTP API Testing Framework\n\nAPIFuzzer reads your API description and step by step fuzzes the fields to validate \nif your application can cope with the fuzzed parameters. It does not require coding.\n\n## APIFuzzer main features\n\n* Parse API definition from local file or remote URL\n* JSON and YAML file format support\n* All HTTP methods are supported\n* Fuzzing of request body, query string, path parameter and request header are supported\n* Relies on random mutations\n* Support CI integration \n    * Generate JUnit XML test report format\n    * Send request to alternative URL\n    * Support HTTP basic auth from configuration\n    * Save report of failed test in JSON format into the pre-configured folder\n    * Log to stdout instead of syslog\n* Configurable log level\n\n### Supported API definition formats\n- [Swagger][]\n- [OpenAPI][]\n\n### Planned\n- [GraphQL][]\n- [API Blueprint][]\n\n## Installation\n\n### With PIP\n\n#### Pre-requirements\n1. Python3\n2. sudo apt install libcurl4-openssl-dev libssl-dev libcurl4-nss-dev (on Ubuntu 18.04, required by pycurl)\n3. sudo apt install gcc libcurl4-nss-dev (on Ubuntu 20.04, required by pycurl)\n\nLatest version:\n\n```shell\npip3 install APIFuzzer\n```\nDevelopment version: \nFetch the most recent code from GitHub\n```shell\n$ git clone https://github.com/KissPeter/APIFuzzer.git\n```\nInstall requirements. 
If you don't have pip installed, then sudo apt-get install python3-pip -y \n```shell\n$ pip3 install -r APIFuzzer/requirements.txt\n```\n\n### Using Docker\n\n```shell\n$ docker pull kisspeter/apifuzzer:latest\n```\n\n## Quick Start\n\nCheck the help (some of them are not implemented yet):\n```shell\n\n$$ usage: APIFuzzer [-h] [-s SRC_FILE] [--src_url SRC_URL] [-r REPORT_DIR] [--level LEVEL] [-u ALTERNATE_URL] [-t TEST_RESULT_DST]\n                 [--log {critical,fatal,error,warn,warning,info,debug,notset}] [--basic_output BASIC_OUTPUT] [--headers HEADERS] [-v ,--version]\n\nAPIFuzzer configuration\n\noptional arguments:\n  -h, --help            show this help message and exit\n  -s SRC_FILE, --src_file SRC_FILE\n                        API definition file path. JSON and YAML format is supported\n  --src_url SRC_URL     API definition url. JSON and YAML format is supported\n  -r REPORT_DIR, --report_dir REPORT_DIR\n                        Directory where error reports will be saved. Default is temporally generated directory\n  --level LEVEL         Test deepness: [1,2], the higher is the deeper (In progress)\n  -u ALTERNATE_URL, --url ALTERNATE_URL\n                        Use CLI defined url instead compile the url from the API definition. Useful for testing\n  -t TEST_RESULT_DST, --test_report TEST_RESULT_DST\n                        JUnit test result xml save path\n  --log {critical,fatal,error,warn,warning,info,debug,notset}\n                        Use different log level than the default WARNING\n  --basic_output BASIC_OUTPUT\n                        Use basic output for logging (useful if running in jenkins). Example --basic_output=True\n  --headers HEADERS     Http request headers added to all request. 
Example: '[{\"Authorization\": \"SuperSecret\"}, {\"Auth2\": \"asd\"}]'\n\n```\n\n## Usage examples:\n\n### Installed package\n\nStart the sample application (install the necessary packages listed in test/requirements_for_test.txt):\n\n```shell\n$ python3 test/test_application.py\n```\nStart the fuzzer:\n\n```shell\n$ APIFuzzer -s test/test_api/openapi_v2.json -u http://127.0.0.1:5000/ -r /tmp/reports/ --log debug \n```\nCheck the reports:\n\n```shell\n$ ls -1 /tmp/reports/\n```\nReport example:\n\n```shell\n$ json_pp \u003c /tmp/reports/79_1573993485.5391517.json\n{\n   \"response\" : \"Test application exception: invalid literal for int() with base 10: '0\\\\x00\\\\x10'\",\n   \"sub_reports\" : [],\n   \"parsed_status_code\" : 500,\n   \"state\" : \"COMPLETED\",\n   \"test_number\" : 79,\n   \"request_body\" : null,\n   \"reason\" : \"failed\",\n   \"name\" : \"target\",\n   \"request_url\" : \"http://127.0.0.1:5000/exception/0\\u0000\\u0010\",\n   \"request_method\" : \"GET\",\n   \"status\" : \"failed\",\n   \"request_headers\" : \"{\\\"User-Agent\\\": \\\"APIFuzzer\\\", \\\"Accept-Encoding\\\": \\\"gzip, deflate\\\", \\\"Accept\\\": \\\"*/*\\\", \\\"Connection\\\": \\\"keep-alive\\\"}\"\n}\n```\n\n### Docker\n\n#### Tested service runs on docker host\n\nNotes \n\u003e * Use  http://host.docker.internal instead of http://127.0.0.1 or http://localhost in the references. 
Read [Docker documentation](https://docs.docker.com/desktop/networking/#i-want-to-connect-from-a-container-to-a-service-on-the-host) for further explanation\n\u003e * You need to attach a volume like in this example to share files and folders with the container:\n\n```shell\ndocker run --volume results:/results/ kisspeter/apifuzzer --src_url http://host.docker.internal:8000/openapi.json --url http://host.docker.internal:8000 --test_report /results/junit.xml --report /results/report/\n```\n#### Tested service runs in other docker container\nNotes \n\u003e * Define `--net` at startup to attach this docker to an existing network. Read [Docker documentation](https://docs.docker.com/network/network-tutorial-standalone/#use-user-defined-bridge-networks) for further explanation\n\u003e * Use http://CONTAINERNAME instead of http://127.0.0.1 or http://localhost in the references. \n\u003e * You need to attach a volume like in this example to share files and folders with the container:\n\n```shell\ndocker run --volume results:/results/ --net fastapi-performance-optimization_default kisspeter/apifuzzer --src_url http://fastapi-performance-optimization:8000/openapi.json -u http://fastapi-performance-optimization:8000 --test_report /results/junit.xml --report /results/report/\n```\n\n[API Blueprint]: https://apiblueprint.org/\n[Swagger]: http://swagger.io/\n[OpenAPI]: https://swagger.io/docs/specification/about/\n[GraphQL]: https://graphql.org/\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKissPeter%2FAPIFuzzer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FKissPeter%2FAPIFuzzer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FKissPeter%2FAPIFuzzer/lists"}