What is sj (swaggerjacker)?
sj is a command-line tool designed for auditing exposed Swagger/OpenAPI definition files. It checks the associated API endpoints for weak authentication and provides command templates for manual vulnerability testing. The tool parses the definition file for paths, parameters, and accepted methods, and uses this information to execute various commands aimed at identifying weaknesses in API security.
Key Commands
- automate: Crafts a series of requests to each defined endpoint and analyzes the status code of each response.
- prepare: Generates a list of commands for manual testing, supporting both curl and sqlmap. Users may need to modify these commands slightly for their specific needs.
- endpoints: Produces a list of raw API routes extracted from the definition file without replacing path values with test data.
- brute: Sends a series of requests to a target in an attempt to discover a definition file at commonly used file paths.
Usage
Automate Command
The automate command sends a series of requests to each defined endpoint and analyzes the status codes of the responses.
$ sj automate -u https://petstore.swagger.io/v2/swagger.json -q
Prepare Command
The prepare command generates a list of commands for manual testing, currently supporting both curl and sqlmap. Users might need to make slight modifications to the generated commands.
$ sj prepare -u https://petstore.swagger.io/v2/swagger.json -q
Endpoints Command
Use the endpoints command to generate a list of raw API endpoints from the provided Swagger definition file.
$ sj endpoints -u https://petstore.swagger.io/v2/swagger.json
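The parsing step described in the overview and the raw route listing of the endpoints command, as an added example that is not part of sj: it reads a constructed Swagger 2.0 document (hypothetical, only loosely modelled on the petstore layout), lists METHOD/route pairs with path templates left untouched, and statically flags operations whose effective security requirement is empty, the offline counterpart of the authentication check that automate performs with live requests. The function names and the sample document are assumptions.

```python
import json

# Constructed sample Swagger 2.0 document (hypothetical, not the real petstore
# file): a global api_key requirement that one operation explicitly opts out of.
SAMPLE_SWAGGER = json.dumps({
    "swagger": "2.0",
    "basePath": "/v2",
    "securityDefinitions": {
        "api_key": {"type": "apiKey", "in": "header", "name": "api_key"}},
    "security": [{"api_key": []}],
    "paths": {
        "/pet/{petId}": {
            "get": {"parameters": [{"name": "petId", "in": "path",
                                    "required": True, "type": "integer"}]},
            "delete": {"security": [{"api_key": []}]}},
        "/store/inventory": {"get": {"security": []}},
        "/user/login": {"get": {"parameters": [{"name": "username",
                                                "in": "query", "type": "string"}]}},
    },
})

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}


def iter_operations(definition):
    """Yield (METHOD, route, operation) from a Swagger 2.0 JSON string.
    Path templates such as {petId} are kept as-is, like the endpoints command."""
    spec = json.loads(definition)
    base = spec.get("basePath", "").rstrip("/")
    for path, item in sorted(spec.get("paths", {}).items()):
        for method, op in item.items():
            if method.lower() in HTTP_METHODS:  # skip 'parameters' etc.
                yield method.upper(), base + path, op


def list_endpoints(definition):
    """Return the raw (METHOD, route) pairs, e.g. ('GET', '/v2/pet/{petId}')."""
    return [(m, r) for m, r, _ in iter_operations(definition)]


def unauthenticated_operations(definition):
    """Return operations whose effective security requirement is empty.
    Swagger 2.0 rules: an operation-level 'security' overrides the global one,
    an explicit [] disables auth, and if neither is declared the operation is
    documented as reachable without any scheme at all."""
    spec = json.loads(definition)
    global_sec = spec.get("security", [])
    return [(m, r) for m, r, op in iter_operations(definition)
            if not op.get("security", global_sec)]
```

Operations flagged here deserve a look before the live checks run: either the definition is wrong about the deployed API, or the endpoint really is open.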
Brute Command
The brute command sends a series of requests in an attempt to discover a definition file on the target server.
$ sj brute -u https://petstore.swagger.io/v2/swagger.json
-------------------------------------------------------------------------------
More Information
For additional information and updates on sj, visit the project's official GitHub repository: sj (swaggerjacker).