OFFAT: OFFensive Api Tester

OWASP OFFAT

OWASP OFFAT (OFFensive Api Tester) is created to automatically test API for common vulnerabilities after generating tests from the openapi specification file. It provides the feature to automatically fuzz inputs and use user-provided inputs during tests specified via the YAML config file.

Security Checks

•  Restricted HTTP Methods
•  SQLi
•  BOLA (Might need few bug fixes)
•  Data Exposure (Detects Common Data Exposures)
•  BOPLA / Mass Assignment
•  Broken Access Control
•  Basic Command Injection
•  Basic XSS/HTML Injection test
•  Broken Authentication

Features

• Few Security Checks from OWASP API Top 10
• Automated Testing
• User Config Based Testing
• API for Automating tests and Integrating Tool with other platforms/tools
• CLI tool
• Proxy Support
• Dockerized Project for Easy Usage
• Open Source Tool with MIT License

Install

Copyright (C) 2024 dmdhrumilmistry