{"id":13390865,"url":"https://github.com/ant4g0nist/Susanoo","last_synced_at":"2025-03-13T15:32:15.202Z","repository":{"id":65366817,"uuid":"96183780","full_name":"ant4g0nist/Susanoo","owner":"ant4g0nist","description":"A REST API security testing framework. ","archived":true,"fork":false,"pushed_at":"2021-12-04T14:18:00.000Z","size":30,"stargazers_count":324,"open_issues_count":0,"forks_count":63,"subscribers_count":16,"default_branch":"main","last_synced_at":"2024-08-01T14:19:00.792Z","etag":null,"topics":["pentest-tool","pentesting","python","rest-api","security","security-tools"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ant4g0nist.png","metadata":{"files":{"readme":"ReadMe.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-07-04T06:36:36.000Z","updated_at":"2024-05-28T18:40:03.000Z","dependencies_parsed_at":null,"dependency_job_id":"153bbc36-583c-41d8-97ca-6d83bdd2422d","html_url":"https://github.com/ant4g0nist/Susanoo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FSusanoo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FSusanoo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FSusanoo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ant4g0nist%2FSusanoo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ant4g0nist","download_url":"https://codeload.github.com/ant4g0nist/Susanoo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":221380090,"owners_count":16809018,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["pentest-tool","pentesting","python","rest-api","security","security-tools"],"created_at":"2024-07-30T14:01:32.115Z","updated_at":"2024-10-25T03:30:48.199Z","avatar_url":"https://github.com/ant4g0nist.png","language":"Python","funding_links":[],"categories":["Python"],"sub_categories":[],"readme":"Susanoo:\n=================================================\n\n\tSusanoo is a REST API security testing framework. \n\n##\tFeatures\n\n- Configurable inputs/outputs formats\n- API Vulnerability Scan: Normal scanning engine that scans for IDOR, Authentication issues, SQL injections, Error stacks.\n- Smoke Scan: Custom output checks for known pocs can be configured to run daily.\n\n## Types of Scans:\n\t* API Vulnerability Scan\n\t\t**  Scans for following bugs:\n\t\t\t***   Indirect Object References\n\t\t\t***   Authentication issues\n\t\t\t***   SQL injections\n\t\t\t***   Error stacks\n\n\t* Smoke Scan\n\t\t**  A known Proof-of-concept can be configured to run daily/weekly etc.\n\t\t\n\n## Configuration:\n \n\tSusanoo takes yaml files in configuration. Please check the examples folder for sample configuration files.\n\n\n##\tParameter Types:\n~~~\n\tresource --\u003e static\n\t\tEg: In the following example the value \"password\" is used for grant_type:\n\n\t\t\tpassword: {\"type\":\"resource\", \"required\":True, \"value\":\"p@ssw0rd\"}\n\n\thex-n:\n\t\tGenerate hex of length n.\n\t\t\tEg: a hex value of length 16 is generated for uniqueId in below example:\n\n\t\t\t\tid: {'type':'hex-16', 'required': True} \n\n\tint-n:\n\t\tGenerates int of size n\n\t\t\tEg: a int value of size 4 is generated for uniqueId in below example:\n\t\t\t\n\t\t\t\tbonus: {'type':'int-4', 'required':'True'}\n\n\temail:\n\t\tGenerates random email id\n\t\t\tEg: a random email id is generated and assigned for email_id\n\n\t\t\t\temail_id: {\"type\":\"email\", \"required\":True}\n\n\tusername:\n\t\tGenerates random username\n\t\t\tEg: a random username is generated and assigned for username\n\n\t\t\t\tusername: {\"type\":\"username\", \"required\":True}\n\n\tstring:\n\t\tGenerates random strings\n\t\t\tEg: generates random strings of variable length.\n\n\t\t\t\tstring: {\"type\":\"string\", \"required\":True}\n\n~~~\n\n## Donation:\n\nIf you like the project, you can buy me beers :) \n\n[![Donate Bitcoin](https://img.shields.io/badge/donate-bitcoin-green.svg)](https://ant4g0nist.github.io)\n\n\n## Installation:\n\n\t^^/D/projects \u003e\u003e\u003e git clone https://github.com/ant4g0nist/susanoo\n\t^^/D/projects \u003e\u003e\u003e cd susanoo\n    ^^/D/p/susanoo \u003e\u003e\u003e sudo pip install -r requirements.txt\n\n## Usage:\n\t\n\t^^/D/p/susanoo \u003e\u003e\u003e cd db\n\t^^/D/p/s/db \u003e\u003e\u003e sudo mongod --dbpath . --bind_ip=127.0.0.1\t\n\n\t^^/D/p/susanoo \u003e\u003e\u003e python susanoo.py\n\n\n##\tTODO:\n\n- [ ] Use celery/scheduler to schedule the scans\n- [ ] Chain apis together? pickup value from one api and use in another\n- [ ] Add more vulnerability checks\n- [ ] Make it more reliable\n- [ ] Parallelize scans using Celery\n- [ ] Add better reporting\n\n## Thanks:\n\n- Go-Jek Security Team\n- [restfuzz](https://github.com/redhat-cip/restfuzz)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fant4g0nist%2FSusanoo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fant4g0nist%2FSusanoo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fant4g0nist%2FSusanoo/lists"}