sj (Swagger Jacker)
sj is a command-line tool designed to assist with auditing exposed Swagger/OpenAPI definition files, checking API endpoints for weak authentication. It helps users quickly identify which endpoints require authentication and which do not, providing command templates for manual vulnerability testing. Key features include:
- Automated endpoint auditing: Quickly assess an API by sending requests to every documented endpoint and analyzing the responses, flagging operations that answer without credentials.
- Command templates: Generate commands for manual testing with tools like `curl` and `sqlmap`.
- Endpoint and definition extraction: Extract the list of endpoints and their operation definitions from an API definition file.
- Brute force searching: Discover hidden API operation definitions through automated requests.
- Conversion capability: Convert Swagger version 2 definition files to OpenAPI version 3.
Overall, sj streamlines the process of reviewing and testing exposed API definition files, saving time and effort in securing APIs.
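To make the core of this workflow concrete, the following is an added, self-contained example (it is not sj's own code and does not call sj): it parses an OpenAPI definition, decides for each operation whether authentication is declared (operation-level `security` overrides the global list, and an explicit empty list means no auth), builds the request URL from path and query parameters, emits `curl` and `sqlmap` command templates, and interprets the status code of an unauthenticated probe. The definition embedded below is constructed for the example; the hostname, the `$TOKEN` placeholder and the classification labels are assumptions, not part of the original page. The `base_url` helper also accepts the Swagger 2 `host`/`basePath` layout, which goes slightly beyond the v3 case shown in the sample.

```python
"""Offline sketch of an OpenAPI auth audit: parse, classify, template, interpret."""
import json
import shlex

# Constructed sample OpenAPI 3.0 definition (not a real API).
SAMPLE_SPEC = json.loads(r"""
{
  "openapi": "3.0.0",
  "servers": [{"url": "https://api.example.test/v1"}],
  "security": [{"bearerAuth": []}],
  "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
  "paths": {
    "/users/{id}": {
      "get": {"parameters": [{"name": "id", "in": "path", "required": true,
                               "schema": {"type": "integer"}}]},
      "delete": {"security": [{"bearerAuth": []}]}
    },
    "/health": {"get": {"security": []}},
    "/search": {"get": {"parameters": [{"name": "q", "in": "query",
                                         "schema": {"type": "string"}}]}}
  }
}
""")

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")
# Placeholder values substituted for parameters when building a probe URL (assumption).
PLACEHOLDERS = {"integer": "1", "number": "1", "boolean": "true", "string": "test"}


def base_url(spec):
    """OpenAPI 3 'servers' first; otherwise the Swagger 2 scheme + host + basePath layout."""
    servers = spec.get("servers") or []
    if servers:
        return servers[0]["url"].rstrip("/")
    scheme = (spec.get("schemes") or ["https"])[0]
    return f"{scheme}://{spec.get('host', 'localhost')}{spec.get('basePath', '').rstrip('/')}"


def requires_auth(spec, operation):
    """Operation-level 'security' overrides the global list; an explicit [] means no auth."""
    return len(operation.get("security", spec.get("security", []))) > 0


def build_url(spec, path, operation, path_item):
    """Fill path parameters and append query parameters using placeholder values."""
    params = (path_item.get("parameters") or []) + (operation.get("parameters") or [])
    url, query = path, []
    for p in params:
        typ = (p.get("schema") or {}).get("type", p.get("type", "string"))
        value = PLACEHOLDERS.get(typ, "test")
        if p.get("in") == "path":
            url = url.replace("{" + p["name"] + "}", value)
        elif p.get("in") == "query":
            query.append(f"{p['name']}={value}")
    full = base_url(spec) + url
    return full + ("?" + "&".join(query) if query else "")


def curl_template(method, url, needs_auth):
    """Shell-safe curl command; the bearer header is only added where auth is declared."""
    cmd = ["curl", "-sk", "-X", method.upper(), url]
    if needs_auth:
        cmd += ["-H", "Authorization: Bearer $TOKEN"]  # $TOKEN is an assumed placeholder
    return " ".join(shlex.quote(c) for c in cmd)


def sqlmap_template(method, url):
    """sqlmap command for the same operation (-u and --method are real sqlmap flags)."""
    return " ".join(shlex.quote(c) for c in ["sqlmap", "-u", url, "--method", method.upper(), "--batch"])


def audit(spec):
    """One finding per operation: method, path, declared auth, and command templates."""
    findings = []
    for path, path_item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            op = path_item.get(method)
            if op is None:
                continue
            needs_auth = requires_auth(spec, op)
            url = build_url(spec, path, op, path_item)
            findings.append({"method": method.upper(), "path": path,
                             "requires_auth": needs_auth,
                             "curl": curl_template(method, url, needs_auth),
                             "sqlmap": sqlmap_template(method, url)})
    return findings


def classify(finding, status):
    """Interpret the status code returned to a probe sent WITHOUT credentials."""
    if finding["requires_auth"]:
        if status in (401, 403):
            return "auth enforced"
        if 200 <= status < 300:
            return "WEAK: auth declared but anonymous request accepted"
        return "inconclusive"
    return "documented as unauthenticated" if 200 <= status < 300 else "inconclusive"


if __name__ == "__main__":
    for f in audit(SAMPLE_SPEC):
        print(f["method"], f["path"], "auth" if f["requires_auth"] else "no-auth")
        print("  ", f["curl"])
```

The interesting case is the one `classify` labels `WEAK`: the definition declares a security requirement, yet the endpoint returns 2xx to a request carrying no credentials. Endpoints with `security: []` are documented as open, which is a design decision to review rather than an automatic finding, and 404 or 405 responses mean the probe did not reach the operation and prove nothing either way.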