Autoswagger: Automate API Security Testing for Unauthenticated Endpoints (Free & Open-source)

What is Autoswagger?

Autoswagger is a command-line tool focused on API security testing. It automatically discovers, parses, and tests the endpoints defined in Swagger/OpenAPI documentation for common vulnerabilities.

Its primary goal is to identify unauthenticated API endpoints that might be leaking sensitive information like Personally Identifiable Information (PII) or secrets.

It works by finding the API specification (via direct URL, Swagger UI, or common paths), extracting the endpoints, and then testing them, often concurrently, for potential security issues.

While still under heavy development, it offers a useful starting point for automated API reconnaissance and vulnerability detection.

Features

  • Swagger/OpenAPI Discovery:
    • Parses specifications directly from a provided URL ending in .json, .yaml, or .yml.
    • Extracts specifications from Swagger UI pages (e.g., /swagger-ui.html).
    • Attempts brute-force discovery using common OpenAPI schema file locations (e.g., /swagger.json, /openapi.json).
  • Automated Endpoint Testing:
    • Systematically tests discovered API endpoints for vulnerabilities.
    • Supports parallel, multi-threaded testing of endpoints.
    • Includes configurable rate limiting (-rate).
  • Parameter Brute-Forcing:
    • Option (-b or --brute) to test endpoints with example values for parameters, attempting to bypass validation.
  • PII Detection:
    • Integrates Presidio for identifying PII like phone numbers, emails, addresses, and names.
    • Includes context validation to reduce false positives.
    • Parses PII from CSV rows and simple "key: value" formatted lines.
  • Secrets Detection:
    • Uses regex patterns to identify exposed tokens, keys, and debugging artifacts (like environment variables).
  • Response Analysis:
    • Flags large or potentially interesting API responses.
  • Flexible Output:
    • Default table format for easy reading.
    • JSON output option (-json).
    • Filtered output mode (-product) showing only results with PII, secrets, or large responses.
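The discovery-then-test workflow described above comes down to two checks a defender can also run against their own specification: which operations the spec leaves callable without credentials, and whether a response body carries secret-like material. The following Python is an added illustration, not Autoswagger's code; the spec, the regex rule set and the sample response are all constructed here for the example.

```python
import re

# Constructed OpenAPI 3 document used as sample input (not a real API).
SAMPLE_SPEC = {
    "openapi": "3.0.0",
    "security": [{"bearerAuth": []}],  # global default: a bearer token is required
    "paths": {
        "/users/{id}": {"get": {"operationId": "getUser"}},            # inherits global
        "/health": {"get": {"operationId": "health", "security": []}},  # explicitly open
        "/debug/env": {"get": {"operationId": "dumpEnv", "security": []}},
        "/orders": {"post": {"operationId": "createOrder", "security": [{"apiKey": []}]}},
    },
}

HTTP_METHODS = {"get", "post", "put", "patch", "delete", "head", "options"}

def unauthenticated_operations(spec):
    """Return (METHOD, path) pairs whose effective security requirement is empty.
    In OpenAPI an operation-level `security` overrides the global list, and an
    empty list means the operation is declared callable with no credentials."""
    global_sec = spec.get("security", [])
    found = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue
            effective = op.get("security", global_sec)
            if not effective:
                found.append((method.upper(), path))
    return found

# Constructed secret/debug-artifact patterns (illustrative, not Autoswagger's rule set).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "bearer_token": re.compile(r"\bBearer\s+[A-Za-z0-9\-._~+/]+=*"),
    "env_assignment": re.compile(r"^[A-Z][A-Z0-9_]*(SECRET|KEY|TOKEN|PASSWORD)[A-Z0-9_]*=", re.M),
}

def find_secrets(body):
    """Return the sorted names of patterns that match anywhere in a response body."""
    return sorted(name for name, rx in SECRET_PATTERNS.items() if rx.search(body))

if __name__ == "__main__":
    # Constructed response body of the kind an exposed /debug/env endpoint might return.
    body = "APP_ENV=prod\nDB_PASSWORD=placeholder\nAWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00\n"
    for method, path in unauthenticated_operations(SAMPLE_SPEC):
        print("unauthenticated:", method, path)
    print("secret indicators:", find_secrets(body))
```

Flagging an operation here means only that the spec declares no security requirement for it; whether the server actually enforces one is what a live test such as Autoswagger's answers.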

License

BSD-3-Clause license

Resources & Downloads

GitHub - intruder-io/autoswagger: Autoswagger by Intruder - detect API auth weaknesses

By Hazem Abbas