Scanning All Vulnerability Disclosure Programs For Automated API Hacking

NahamSec

9 Sept 202409:48

Summary

TLDRIn this video, the host introduces Swagger Jacker, a tool by Bishop Fox, which revolutionizes API testing by identifying accessible and unauthenticated endpoints. It also generates wordlists from Swagger files, aiding in bug bounty hunting and research. The host shares a dataset of 800 domains and over 100,000 subdomains for public use and demonstrates how to use Swagger Jacker for API endpoint analysis, authentication testing, and creating targeted wordlists. The video also covers brute-forcing API specs and encourages viewers to explore the tool for bug bounty and security research.

Takeaways

🔧 The tool 'Swagger Jacker' by Bishop Fox was introduced and is praised for its utility in API testing and access.
🔑 It's particularly useful for identifying unauthenticated API access, making it a 'game changer' for security testing.
📄 Swagger Jacker can generate wordlists from Swagger files, aiding in targeted reconnaissance and vulnerability discovery.
🔍 The speaker scanned various bug bounty programs to find Swagger files, demonstrating a methodical approach to gathering data.
💾 The dataset includes approximately 800 domains and over 100,000 subdomains, which are available for public use on GitHub.
🛠 The tool 'Lima' is mentioned for distributing workload across AWS Lambda functions, though it's not publicly available.
🔗 Swagger Jacker automates the process of checking API endpoints, reducing the manual effort typically required in security assessments.
🔐 It can be used to test leaked credentials against APIs to determine if they provide access to the company's infrastructure.
📝 The 'prepare' argument in Swagger Jacker outputs curl commands for API calls, streamlining the process of manual testing.
📊 The tool can create a wordlist of endpoints, which is beneficial for targeted attacks on large infrastructures with numerous APIs.
🔎 Swagger Jacker includes a brute force feature to discover API specifications, expanding its utility beyond just using known Swagger files.

Q & A

What is Swagger Jacker, and who developed it?
-Swagger Jacker is a tool developed by Bishop Fox that helps users test APIs for unauthenticated access and generate wordlists based on Swagger files. It's open-source and easy to install.
What are the primary features of Swagger Jacker?
-Swagger Jacker allows users to test API endpoints for unauthenticated access, generate wordlists from leaked Swagger files, and automate the process of inspecting APIs across various domains.
How does Swagger Jacker help in bug bounty hunting?
-Swagger Jacker helps bug bounty hunters by automating the process of testing and collecting data from various APIs. It can also generate endpoint lists and authenticate requests using leaked credentials, making it a valuable tool for API hacking.
What is the significance of leaked Swagger specs for a bug bounty hunter?
-Leaked Swagger specs can reveal the endpoints of APIs, which can then be tested for vulnerabilities such as unauthorized access. This makes the specs a potential 'gold mine' for bug bounty hunters seeking to exploit unprotected APIs.
How does the tool handle large-scale API testing?
-The user divides the domains into batches of 10,000 and feeds them into a private tool that distributes the workload across AWS Lambda functions. Swagger Jacker is then used to automate the inspection of these endpoints.
What customization options does Swagger Jacker offer?
-Swagger Jacker allows users to add specific headers (like authorization headers with leaked credentials) to test if they can authenticate to an API. It also supports a 'prepare' mode, which outputs curl commands for each endpoint, making it easier to build tooling around the data.
What is the process of generating wordlists using Swagger Jacker?
-Users can create wordlists by dumping all the endpoints from various Swagger files into a file. These wordlists are helpful for bug bounty hunters targeting large infrastructures with many APIs, as they can identify common or potentially vulnerable API endpoints.
What is the advantage of using Swagger Jacker over manual methods?
-Swagger Jacker automates processes that would otherwise be done manually, such as gathering API endpoints and testing them for access. It saves time by performing these tasks in bulk and helps reduce human error in API testing.
Can Swagger Jacker perform brute force attacks on APIs?
-Yes, Swagger Jacker has a brute force feature that can send thousands of requests to test various paths on an API. This helps in identifying any available API documentation or endpoints that can be accessed without proper authorization.
How can users benefit from the data collected with Swagger Jacker?
-Users can use the collected data, such as API endpoint lists or wordlists, to improve their reconnaissance during bug bounty hunting. The data can also be fed into other tools like Nuclei or httpx for further analysis.