OWASP OFFAT

OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from openapi specification file. It provides feature to automatically fuzz inputs and use user provided inputs during tests specified via YAML config file.

UnDocumented petstore API endpoint HTTP method results

Demo

Security Checks

Restricted HTTP Methods
SQLi
BOLA
Data Exposure
BOPLA / Mass Assignment
Broken Access Control
Basic Command Injection
Basic XSS/HTML Injection test

Features

Few Security Checks from OWASP API Top 10
Automated Testing
User Config Based Testing
API for Automating tests and Integrating Tool with other platforms/tools
CLI tool
Dockerized Project for Easy Usage
Open Source Tool with MIT License

Try Tool

Install Tool using pip

python -m pip install offat

Run Tool

offat -f swagger_file.json

For more usage options read Project Repo README.md

Watch Star

OWASP OFFAT

Demo

Security Checks

Features

Try Tool

Offensive API Tester Information

Code Repository

Leaders

Upcoming OWASP Global Events

OWASP OFFAT

Demo

Security Checks

Features

Try Tool

Offensive API Tester Information

Downloads or Social Links

Code Repository

Leaders

Upcoming OWASP Global Events