Swagger Jacker

Designed to assist with auditing of exposed Swagger/OpenAPI definition files.

Swagger Jacker is a command line tool designed to assist with auditing of exposed Swagger/OpenAPI definition files. It checks whether the API endpoints described in a definition can be reached with weak or missing authentication, and it also provides command templates for manual vulnerability testing.

It does this by parsing the definition file for paths, parameters, and accepted methods before using the results with one of three commands:

automate - Crafts a request for every operation in the definition and analyzes the status code of each response to flag endpoints that answer without enforcing authentication.
prepare - Generates a list of commands (with test data substituted for parameters) to use for manual testing.
endpoints - Generates a list of raw API routes. Path parameters are left as placeholders and are not replaced with test data.
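As an added illustration, not code from the Swagger Jacker project, the script below parses a small, constructed OpenAPI 3 document and implements the three modes in miniature: it walks paths, parameters and accepted methods, emits raw routes (endpoints), builds curl templates with placeholder test data (prepare), and triages response status codes (automate). The triage rules in classify(), the placeholder values in TEST_VALUES and the offline fake_send() stand-in for a real HTTP client are assumptions made for this example; swap fake_send for a requests-based sender to run it against a live target.

```python
"""Parse an OpenAPI definition and drive the three audit modes (example, not sj code)."""
import json
from urllib.parse import urlencode

# Constructed sample definition (not a real API): path params, a query
# param, a request body and several HTTP methods to exercise the parser.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "servers": [{"url": "https://api.example.test/v1"}],
  "paths": {
    "/users/{id}": {
      "parameters": [{"name": "id", "in": "path", "schema": {"type": "integer"}}],
      "get": {}, "delete": {}
    },
    "/users": {
      "get": {"parameters": [{"name": "limit", "in": "query", "schema": {"type": "integer"}}]},
      "post": {"requestBody": {"content": {"application/json": {}}}}
    }
  }
}
""")

METHODS = ("get", "post", "put", "patch", "delete", "head", "options")

# Placeholder test data per schema type (assumption; sj's own values may differ).
TEST_VALUES = {"integer": "1", "number": "1", "boolean": "true", "string": "test"}


def parse_definition(spec):
    """Return (METHOD, path, params, has_body) for every operation in the spec."""
    ops = []
    for path, item in spec.get("paths", {}).items():
        shared = item.get("parameters", [])  # path-level params apply to every method
        for method in METHODS:
            if method in item:
                op = item[method]
                ops.append((method.upper(), path, shared + op.get("parameters", []),
                            "requestBody" in op))
    return ops


def endpoints(spec):
    """'endpoints' mode: raw routes, {placeholders} left untouched."""
    return sorted(f"{m} {p}" for m, p, _, _ in parse_definition(spec))


def build_url(base_url, path, params):
    """Substitute test data for path params and append query params."""
    url = base_url.rstrip("/") + path
    query = {}
    for prm in params:
        value = TEST_VALUES.get(prm.get("schema", {}).get("type", "string"), "test")
        if prm.get("in") == "path":
            url = url.replace("{" + prm["name"] + "}", value)
        elif prm.get("in") == "query":
            query[prm["name"]] = value
    return url + ("?" + urlencode(query) if query else "")


def prepare(spec, base_url):
    """'prepare' mode: curl templates for manual testing."""
    cmds = []
    for method, path, params, has_body in parse_definition(spec):
        cmd = f"curl -sk -X {method} '{build_url(base_url, path, params)}'"
        if has_body:
            cmd += " -H 'Content-Type: application/json' -d '{}'"
        cmds.append(cmd)
    return cmds


def classify(status):
    """Triage the status of an unauthenticated request (assumed rule set)."""
    if status in (401, 403):
        return "auth enforced"
    if 200 <= status < 300:
        return "ACCESSIBLE WITHOUT AUTH"
    if status == 404:
        return "not found (check base path)"
    return f"manual review ({status})"


def automate(spec, base_url, send):
    """'automate' mode: send(method, url) -> status code, one call per operation."""
    results = {}
    for method, path, params, _ in parse_definition(spec):
        results[f"{method} {path}"] = classify(send(method, build_url(base_url, path, params)))
    return results


def fake_send(method, url):
    """Offline stand-in for an HTTP client; responses are constructed for the demo."""
    if method == "GET" and url.endswith("/users?limit=1"):
        return 200  # the user listing answers without credentials
    return 401


if __name__ == "__main__":
    base = SAMPLE_SPEC["servers"][0]["url"]
    print("\n".join(endpoints(SAMPLE_SPEC)))
    print("\n".join(prepare(SAMPLE_SPEC, base)))
    for route, verdict in automate(SAMPLE_SPEC, base, fake_send).items():
        print(f"{route:<22} {verdict}")
```

Operations that return 401 or 403 are treated as having authentication in front of them; a 2xx on an unauthenticated request is what an auditor wants surfaced first, and anything else is left for manual review rather than silently dropped.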