README.md

VulnAPI: An API Security Vulnerability Scanner

VulnAPI is an open-source DAST (dynamic application security testing) tool that scans your APIs for common security vulnerabilities and weaknesses.

With it, you can detect and fix security vulnerabilities in your APIs before attackers exploit them.

Use this GitHub Action to scan your project for vulnerabilities with VulnAPI as part of your CI workflow.

Vulnerabilities Detected

All the vulnerabilities the project can detect are listed on the API Vulnerabilities Detected page.

More vulnerabilities and best practices will be added in future releases. If you have any suggestions or requests for additional vulnerabilities or best practices to be included, please feel free to open an issue or submit a pull request.

Example usage

Using OpenAPI

name: Scan for API vulnerabilities

on: [push]

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: VulnAPI
        uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          openapi: 'openapi.yaml'

Using Curl

name: Scan for API vulnerabilities

on: [push]

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: VulnAPI
        uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          curl:
            'curl http://localhost:8080 -H "Authorization: Bearer eyJhbGci..."'

Inputs

General

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| version | false | The version of the file to scan. | latest |

Curl Scan Options

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| curl | false | The curl command to scan. | |

OpenAPI Scan Options

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| openapi | false | The OpenAPI file location (path or URL). | |

VulnAPI Supported Flags

| Name | Required | Description | Default |
| --- | --- | --- | --- |
| scans | false | The scans performed. | all |
| excludeScans | false | The scans to exclude. | |
| rateLimit | false | The rate limit used to run API vulnerability scans. | 10/s |
| proxy | false | The proxy server used during the scan. | |
| severityThreshold | false | The severity threshold to trigger a failure. | 0 |
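The workflow below combines the curl input with the flags from the tables above, reading the bearer token from a repository secret rather than pasting it into the workflow file; it is an added example, not taken from the action's README. The API URL, the API_TOKEN secret name, the pinned version placeholder and the severity value are assumptions.

```yaml
name: Scan for API vulnerabilities (curl, tuned)

on: [push]

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: VulnAPI
        uses: cerberauth/vulnapi-action@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          # Bearer token comes from a repository secret (assumed name: API_TOKEN);
          # GitHub Actions expands the expression before the action receives the input.
          curl: 'curl https://api.example.com/ -H "Authorization: Bearer ${{ secrets.API_TOKEN }}"'
          # Pin the scanner release instead of the default "latest" (placeholder value).
          version: '<vulnapi-version>'
          # Lower the request rate from the default 10/s to avoid tripping API rate limits.
          rateLimit: '5/s'
          # Fail the job only for findings at or above this severity
          # (assumed value; the README does not define the scale).
          severityThreshold: 7
```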

Outputs

Scan results are output to the console.

Disclaimer

This scanner is provided for informational purposes only. It should not be used for malicious purposes or to attack any system without proper authorization. Always respect the security and privacy of others.

Telemetry

VulnAPI collects fully anonymized usage data to help improve the tool. This data is not shared with third parties. You can opt out of telemetry by setting the telemetry option to false.

License

This repository is licensed under the MIT License @ CerberAuth.