Metadata-Version: 2.1
Name: APIFuzzer
Version: 0.9.9
Summary: Fuzz test your application using Swagger or OpenAPI definition without coding
Home-page: https://github.com/KissPeter/APIFuzzer/
Author: Peter Kiss
Author-email: peter.kiss@linuxadm.hu
License: GNU General Public License v3.0
Description: # APIFuzzer — HTTP API Testing Framework
        
        
        APIFuzzer reads your API description and step by step fuzzes the fields to validate 
        if you application can cope with the fuzzed parameters. Does not require coding.
        
        ## APIFuzzer main features
        
        * Parse API definition from local file or remote URL
        * JSON and YAML file format support
        * All HTTP methods are supported
        * Fuzzing of request body, query string, path parameter and request header are supported
        * Support CI integration 
            * Generate JUnit XML test report format
            * Send request to alternative URL
            * Support HTTP basic auth from configuration
            * Save report of failed test in JSON format into the pre-configured folder
            * Log to stdout instead of syslog
        * Configurable log level
        
        ### Supported API definition formats
        - [Swagger][]
        - [OpenAPI][]
        
        ### Planned
        - [GraphQL][]
        - [API Blueprint][]
        
        ## Pre-requirements
        1. Python3
        2. sudo apt install libcurl4-openssl-dev libssl-dev libcurl4-nss-dev (on Ubuntu 18.04, required by pycurl)
        3. sudo apt install gcc libcurl4-nss-dev (on Ubuntu 20.04, required by pycurl)
        
        ## Installation
        
        Latest release version:
        
        ```
        pip3 install APIFuzzer
        ```
        Development version: 
        Fetch the most recent code from GitHub
        ```
        $ git clone https://github.com/KissPeter/APIFuzzer.git
        ```
        Install requirements. If you don't have pip installed, then sudo apt-get install python3-pip -y 
        ```
        $ pip3 install -r APIFuzzer/requirements.txt
        ```
        
        ## Quick Start
        Check the help (some of them are not implemented yet):
        ```
        
        $$ usage: APIFuzzer [-h] [-s SRC_FILE] [--src_url SRC_URL] [-r REPORT_DIR] [--level LEVEL] [-u ALTERNATE_URL] [-t TEST_RESULT_DST]
                         [--log {critical,fatal,error,warn,warning,info,debug,notset}] [--basic_output BASIC_OUTPUT] [--headers HEADERS] [-v ,--version]
        
        APIFuzzer configuration
        
        optional arguments:
          -h, --help            show this help message and exit
          -s SRC_FILE, --src_file SRC_FILE
                                API definition file path. JSON and YAML format is supported
          --src_url SRC_URL     API definition url. JSON and YAML format is supported
          -r REPORT_DIR, --report_dir REPORT_DIR
                                Directory where error reports will be saved. Default is temporally generated directory
          --level LEVEL         Test deepness: [1,2], the higher is the deeper (In progress)
          -u ALTERNATE_URL, --url ALTERNATE_URL
                                Use CLI defined url instead compile the url from the API definition. Useful for testing
          -t TEST_RESULT_DST, --test_report TEST_RESULT_DST
                                JUnit test result xml save path
          --log {critical,fatal,error,warn,warning,info,debug,notset}
                                Use different log level than the default WARNING
          --basic_output BASIC_OUTPUT
                                Use basic output for logging (useful if running in jenkins). Example --basic_output=True
          --headers HEADERS     Http request headers added to all request. Example: '[{"Authorization": "SuperSecret"}, {"Auth2": "asd"}]'
        
        ```
        
        Usage example:
        
        ```
        Start the sample application (install the necessary packages listed in test/requirements_for_test.txt):
        $ python3 test/test_application.py
        
        Start the fuzzer:
        $ ./bin/APIFuzzer -s test/test_api/openapi_v2.json -u http://127.0.0.1:5000/ -r /tmp/reports/ --log debug 
        
        Check the reports:
        $ ls -1 /tmp/reports/
        
        Report example:
        $ json_pp < /tmp/reports/79_1573993485.5391517.json
        {
           "response" : "Test application exception: invalid literal for int() with base 10: '0\\x00\\x10'",
           "sub_reports" : [],
           "parsed_status_code" : 500,
           "state" : "COMPLETED",
           "test_number" : 79,
           "request_body" : null,
           "reason" : "failed",
           "name" : "target",
           "request_url" : "http://127.0.0.1:5000/exception/0\u0000\u0010",
           "request_method" : "GET",
           "status" : "failed",
           "request_headers" : "{\"User-Agent\": \"APIFuzzer\", \"Accept-Encoding\": \"gzip, deflate\", \"Accept\": \"*/*\", \"Connection\": \"keep-alive\"}"
        }
        ```
        
        [API Blueprint]: https://apiblueprint.org/
        [Swagger]: http://swagger.io/
        [OpenAPI]: https://swagger.io/docs/specification/about/
        [GraphQL]: https://graphql.org/
Keywords: Fuzz test,QA,Software Quality Assurance,Security testing,Swagger,OpenAPI
Platform: UNKNOWN
Classifier: Development Status :: 4 - Beta
Classifier: Intended Audience :: Developers
Classifier: Topic :: Software Development :: Quality Assurance
Classifier: Topic :: Software Development :: Testing
Classifier: Natural Language :: English
Classifier: License :: OSI Approved :: GNU General Public License v3 (GPLv3)
Classifier: Programming Language :: Python :: 3.6
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Requires-Python: >=3.6, <4
Description-Content-Type: text/markdown
