VulnAPI is an open-source project designed to help you scan your APIs for common security vulnerabilities and weaknesses.
Home Page: https://vulnapi.cerberauth.com
License: MIT License
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
For now, the test is done with HS256 but server could check only the alg but not the rest. The idea would be to create a new token with the same alg but with a random secret.
This report should contain at least:
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
This repository currently has no open or pending branches.
.docker/Dockerfile-build
golang 1.22-bullseye.docker/Dockerfile-goreleaser
.github/workflows/ci.yml
actions/checkout v4actions/setup-go v5codecov/codecov-action v4actions/checkout v4actions/setup-go v5docker/login-action v3docker/login-action v3goreleaser/goreleaser-action v5
go.mod
go 1.22github.com/brianvoe/gofakeit/v7 v7.0.2github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be@734e95fb86begithub.com/fatih/color v1.16.0github.com/getkin/kin-openapi v0.123.0github.com/golang-jwt/jwt/v5 v5.2.1github.com/jarcoal/httpmock v1.3.1github.com/olekukonko/tablewriter v0.0.5github.com/spf13/cobra v1.8.0github.com/std-uritemplate/std-uritemplate/go v0.0.54github.com/stretchr/testify v1.9.0
Use one list for scanning known URLs: https://github.com/danielmiessler/SecLists/tree/master
Web Extension API is an HTTP API accepting HTTP requests with JWT. The API must take the request initially targeting the service with should received the token. With this request, the project should copy the request and scan with those informations.
When OpenAPI contains a OpenID Connect authorization, use this authentication method instead on JWT. Open a browser in order to let the user authorize himself.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
