Merge branch 'main' of github.com:urchinsec/api-ninja into main
DevelopMan committed Mar 8, 2022
2 parents 90251da + 831540a commit 0ee1591
Showing 6 changed files with 193 additions and 23 deletions.
38 changes: 35 additions & 3 deletions README.md
@@ -1,5 +1,37 @@
# api-ninja
# API-NINJA V1
An automated penetration testing tool , that will help perform a basic enumeration upon a given API endpoint!

# Quick start server in development environtment
FLASK_APP=api_ninja FLASK_ENV=development flask run
## Installation
### Requirements::
```
pip3 install -r requirements.txt
```
This should install all the requirements required to fully function.

## Usage
### Flask Web Server::
```
python3 app.py
```
This should start the web server, Access it from your browser by requesting `http://127.0.0.1:5000/`
It should look something like this:

![api-ninja](https://user-images.githubusercontent.com/49201347/154808834-ec994fbf-79ad-458f-8e15-9a6a0eec5c43.png)

### Scanning::
Now For the testing part , you shall input an api url with an endpoint attached to it, click scan , and it'll do the magic.

![api-nina-work](https://user-images.githubusercontent.com/49201347/154809477-33048b93-dfb0-4cd7-a066-39cad7833117.png)

We can go to `/output` endpoint and take alook at the exploit information about the server and we will get to see vulnerabilities upon the server version and all those things listed as seen below:

![outputapi](https://user-images.githubusercontent.com/49201347/154809562-663e2e56-5a13-416f-806d-59207f77dfe9.png)

## API-NINJA V2
1. Supports REST-API Penetration Testing
2. A portal to access all reports
3. More Vulnerability Testing Functionalities

## CONTACTS::
1. [email protected]
2. https://discord.gg/red66VCSEp
Binary file modified __pycache__/scanner.cpython-38.pyc
Binary file not shown.
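--- a/api_ninja.py
+++ b/api_ninja.py
@@ -0,0 +1,30 @@
+from flask import Flask, render_template, request, jsonify
+from flask_bootstrap import Bootstrap
+from scanner import Scanner
+
+import json
+
+scanner = Scanner()
+
+app = Flask(__name__)
+Bootstrap(app)
+
+@app.route("/")
+def index():
+return render_template("index.html")
+
+@app.route("/check", methods=["POST"])
+def check_url():
+check_result = scanner.full_scan(request.form["url"])
+return render_template("index.html", check_result=check_result)
+
+@app.route("/output", methods=["GET"])
+def output():
+with open("output_exploit_search.json",'r') as exploitResult:
+read = exploitResult.readlines()
+read = jsonify(read)
+
+return read
+
+if __name__ == "__main__":
+app.run()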
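Review bot: `check_url` hands `request.form["url"]` straight to `scanner.full_scan`, which makes the server issue GET requests to whatever the client submitted, so anyone who can reach this app can direct it at loopback or internal-network addresses. The URL should be parsed and restricted before scanning, e.g. `if urlsplit(url).scheme not in ("http", "https"): abort(400)`, with a host allow-list if the tool is ever exposed beyond localhost. `output()` serves one shared `output_exploit_search.json` with no authentication, raises FileNotFoundError before the first scan has run, and returns `readlines()` (a list of raw text lines) rather than the parsed document; `jsonify(json.load(exploitResult))` inside a `try/except FileNotFoundError` would fix both and use the otherwise unused `json` import. A one-line docstring on each handler stating that `/check` triggers outbound requests on the caller's behalf would make that trust boundary explicit.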
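--- a/requirements.txt
+++ b/requirements.txt
@@ -0,0 +1,3 @@
+flask
+flask_bootstrap
+vulners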
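Review bot: The list omits packages that `scanner.py` imports in this same commit: `Wappalyzer` (published on PyPI as `python-Wappalyzer`, as far as I know) and `requests`, which may arrive transitively but should be declared since the code imports it directly. With the list as written, the README's `pip3 install -r requirements.txt` step can leave the scanner failing at import time. The three entries are also unpinned, so every install resolves to whatever is latest; pinning exact versions, ideally with hashes, keeps the dependency set reproducible and reviewable.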
118 changes: 105 additions & 13 deletions scanner.py
@@ -1,18 +1,110 @@
#!/usr/bin/python3
from Wappalyzer import Wappalyzer, WebPage
import requests
import vulners
import json
import os

class Scanner:
def full_scan(self, url):
return {
"checked_url": url,
"technology": self.scan_for_technologies(url),
"vuln": self.scan_for_vuln(url),
"server_version": self.scan_for_server_version(url),
"request_tamp": self.request_tamp(url),
"exploit_info": self.exploit_info(url),
"mitigation_info": self.mitigation_info(url)
}

def full_scan(self, url):
return {
"checked_url": url,
"technology": self.scan_for_technologies(url),
"vuln": self.scan_for_vuln(url),
"server_version": self.scan_for_server_version(url)
}
def scan_for_technologies(self, url):
webpage = WebPage.new_from_url(url)
wappalyzer = Wappalyzer.latest()
res = wappalyzer.analyze_with_versions_and_categories(webpage)

def scan_for_technologies(self, url):
return "Windows"
return res

def scan_for_vuln(self, url):
test1 = Scanner.test_xss(url)
test2 = Scanner.test_ssti(url)
test3 = Scanner.test_htmli(url)

def scan_for_vuln(self, url):
return "RCE found"
return f"{test1} , {test2} , {test3}"

def scan_for_server_version(self, url):
return "Server 2009"
def scan_for_server_version(self, url):
req = requests.get(url)
headers = req.headers
server = headers['Server']

return server

def request_tamp(self, url):
return "Not Spotted"

def exploit_info(self,url):
req = requests.get(url)
headers = req.headers
server = headers["Server"]

VKey = "" # get api key by going to https://vulners.com
VApi = vulners.Vulners(api_key=VKey)

search = VApi.searchExploit(server)
search = json.dumps(search,indent=2)

os.system(f"touch output_exploit_search.json")
with open(f"output_exploit_search.json","w") as exploitResult:
exploitResult.writelines(search)

return f"Result Written To output_exploit_search.json, Access by visiting `/output`"

def mitigation_info(self, url):
payloadxss = "<script>document.write('xss');</script>"
payloadssti = "{{7*7}}"
payloadhtmli = "<h1>htmlinjection</h1>"

reqxss = requests.get(f"{url}{payloadxss}")
reqssti = requests.get(f"{url}{payloadssti}")
reqhtmli = requests.get(f"{url}{payloadhtmli}")

if "xss" in reqxss.text and "49" in reqssti.text and "htmlinjection" in reqhtmli.text:
return "SSTI,XSS, and HTMLinjection available can be prevented by reviewing the code and sanitizing the inputs"
else:
return "Check Through The Output"

def test_ssti(url):
payload = "{{7*7}}"
fattempt = f"{url}{payload}"
req = requests.get(fattempt)
print(req.text)
if req.status_code == 200:
if "49" in req.text:
return "SSTI(Server Side Template Injection)"
else:
return ""
else:
return ""

def test_xss(url):
fattempt = f"{url}<script>document.write('xss');</script>"
req = requests.get(fattempt)
if req.status_code == 200:
if "xss" in req.text:
print(req.text)
return "XSS(Reflective)"
else:
return ""
else:
return ""

def test_htmli(url):
fattempt = f"{url}<h1 align='center' style='color:red;'>htmlinjection</h1>"
req = requests.get(fattempt)
if req.status_code == 200:
if "htmlinjection" in req.text:
print(req.text)
return "HTML INJECTION"
else:
return ""
else:
return ""
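Review bot: `scan_for_server_version` and `exploit_info` index `headers['Server']` directly, so a target that omits that header raises KeyError and the whole `/check` request fails; `server = req.headers.get("Server", "")` with an early return on the empty case avoids that. None of the `requests.get` calls sets a timeout, so one unresponsive target blocks the worker indefinitely; `requests.get(url, timeout=10)` would bound it. `VKey = ""` invites pasting the Vulners key into the source file; reading it from the environment, e.g. `VKey = os.environ.get("VULNERS_API_KEY", "")` (variable name is only a suggestion), keeps it out of the repository. The substring checks such as `"49" in req.text` and `"xss" in req.text` also match pages that merely contain those characters or echo the payload HTML-escaped, so the returned findings should be labelled as unconfirmed in the result string or a comment.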
27 changes: 20 additions & 7 deletions templates/index.html
@@ -1,7 +1,19 @@
{% extends "bootstrap/base.html" %}
{% block title %}API NINJA{% endblock %}
{% block title %}API-NINJA{% endblock %}

{% block navbar %}
<div class="navbar navbar-fixed-top">
<!-- ... -->
</div>
{% endblock %}

{% block content %}
<style>
@import url("https://fonts.googleapis.com/css?family=Inconsolata:400,400i,700");
.container, td{
font-family: 'Inconsolata', sans-serif;
}
</style>
<div class="container">
<div class="row" style="margin-top: 10px;">
<div class="col-sm-2">
@@ -24,10 +36,10 @@ <h1 class="text-center">API NINJA</h1>
{% else %}
{% set url = "" %}
{% endif %}
<input type="text" class="form-control" placeholder="URL" name="url" value={{ url }}>
<input type="text" class="form-control" placeholder="http://api.something.com/endpoint?id=1" name="url" value={{ url }}>
</div>
<div class="col-sm-2">
<button type="button" class="btn btn-success btn-block" onclick="submit()">Check</button>
<button type="button" class="btn btn-success btn-block" onclick="submit()">SCAN</button>
</div>
</div>
</form>
@@ -48,7 +60,7 @@ <h1 class="text-center">API NINJA</h1>
<td class="text-danger">{{ check_result["technology"]}}</td>
</tr>
<tr>
<td>[2] Vulnerabilties Spotted</td>
<td>[2] Vulnerability Spotted</td>
<td class="text-danger">{{ check_result["vuln"]}}</td>
</tr>
<tr>
@@ -57,15 +69,16 @@ <h1 class="text-center">API NINJA</h1>
</tr>
<tr>
<td>[4] Request Tampering</td>
<td></td>
<td class="text-danger">{{ check_result["request_tamp"]}}</td>
</tr>
<tr>
<td>[5] Exploitation Information</td>
<td>[5] Exploit Information</td>
<td class="text-danger">{{ check_result["exploit_info"]}}</td>
<td></td>
</tr>
<tr>
<td>[6] Mitigation</td>
<td></td>
<td class="text-danger">{{ check_result["mitigation_info"]}}</td>
</td>
</tr>
</tbody>
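Review bot: The changed `<input>` line in the second hunk still emits `value={{ url }}` without quotes, and Jinja's autoescaping does not escape whitespace, so a submitted URL containing a space can end the attribute value and add further attributes to the tag when the result page echoes it back; write `value="{{ url }}"`. The `{% if %}` that sets `url` begins above the visible hunk, so its source is presumably `check_result["checked_url"]`; confirm against the full template. The last hunk also appears to leave a stray `</td>` after the `mitigation_info` cell and an extra empty `<td></td>` in the exploit row, which would make the table markup invalid.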