Fuzzapi and API-fuzzer have been inventoried on Rawsec's CyberSecurity Inventory.

https://inventory.rawsec.ml/tools.html#API-fuzzer
https://inventory.rawsec.ml/tools.html#Fuzzapi

What is Rawsec's CyberSecurity Inventory?

An inventory of tools and resources about CyberSecurity. This inventory aims to help people to find everything related to CyberSecurity.

More details about features here.

Note: the inventory is a FLOSS (Free, Libre and Open-Source Software) project.

Why should you care about being inventoried?

Mainly because this is giving visibility to your tool and improve its referencing.

Badges

The badge shows to your community that your are inventoried. It looks good but also shows you care about your project, that your tool is referenced.

Feel free to claim your badge here: http://inventory.rawsec.ml/features.html#badges, it looks like that , but there are several styles available.

Want to thank us?

If you want to thank us, you can help make our open project better known by tweeting about it! For example:

So what?

That's all, this message is just to notify you if you care. Else you can close this issue.

i am passing cookie as:

options = {
  url: 'http://test.host.com/api/v2/credit_cards/123',
  cookies: 'PHPSESSID=98803810dagadabdjabdja',
  params: {
    name: 'First name'
  },
  method: ['GET'],
  headers: {
    'Host' => 'test.host.com',
    'User-Agent' => 'Mozilla Firefox',
    'Content-Type' => 'application/json',
  }
}

But when passing this options to Scan, i am getting undefined method `each_with_object' for #<String:0x007fe5fb9635c8>

Can you please help me in passing cookie in a right manner. @lalithr95 @Os-carsun

Thanks

I'm unable to install this tool. I am issuing the following commands:
└─$ git clone https://github.com/Fuzzapi/API-fuzzer.git
Cloning into 'API-fuzzer'...
remote: Enumerating objects: 372, done.
remote: Total 372 (delta 0), reused 0 (delta 0), pack-reused 372
Receiving objects: 100% (372/372), 63.16 KiB | 417.00 KiB/s, done.
Resolving deltas: 100% (186/186), done.

┌──(kali㉿kali)-[~/Downloads]
└─$ cd API-fuzzer

┌──(kali㉿kali)-[~/Downloads/API-fuzzer]
└─$ ls
API_Fuzzer.gemspec CODE_OF_CONDUCT.md lib Rakefile test
app config LICENSE.txt README.md
bin Gemfile payloads rules

┌──(kali㉿kali)-[/Downloads/API-fuzzer]
└─$ bin/console
Bundler could not find compatible versions for gem "bundler":
In Gemfile:
bundler (> 1.12)

Current Bundler version:
bundler (2.3.15)

Your bundle requires a different version of Bundler than the one you're running.
Install the necessary version with gem install bundler:1.17.3 and rerun bundler using console _1.17.3_

┌──(kali㉿kali)-[~/Downloads/API-fuzzer]
└─$ sudo gem install bundler:1.17.3
Successfully installed bundler-1.17.3
Parsing documentation for bundler-1.17.3
Done installing documentation for bundler after 1 seconds
1 gem installed

┌──(kali㉿kali)-[/Downloads/API-fuzzer]
└─$ bin/console 1.17.3
Bundler could not find compatible versions for gem "bundler":
In Gemfile:
bundler (> 1.12)

Current Bundler version:
bundler (2.3.15)

Your bundle requires a different version of Bundler than the one you're running.
Install the necessary version with gem install bundler:1.17.3 and rerun bundler using console _1.17.3_ _1.17.3_

Can you please advise? I'd really like to use this tool. I see it had originally came out 6 years ago so I'm thinking perhaps the tool isn't being updated.

• Information Leak which includes server information, version disclosures
• Header info disclosure which detects Clickjacking, lack of HSTS, X-XSS protection etc.
• XSS module which should detect all kinds of xss, which need to be done with regex match.
• SQL injection Mostly error based which will be based on regex match of responses.
• XXE check
• Open Redirect vulnerability check
• Privilege Escalation or IDOR specifically - Little complicated a generic approach need to be used.
• API rate limit check

/cc: @abhijeth @srini0x00