├── .github ├── CODEOWNERS └── workflows │ ├── dev-push.yml │ ├── pypi-publish.yml │ └── release-push.yml ├── .gitignore ├── .pre-commit-config.yaml ├── 404.html ├── CONTRIBUTING.md ├── Gemfile ├── LICENSE.md ├── README.md ├── SECURITY.md ├── _config.yml ├── action.yml ├── assets └── images │ ├── README.md │ ├── logos │ ├── offat-2.png │ ├── offat-3.png │ ├── offat-compressed.png │ └── offat.png │ └── tests │ ├── offat-test-undocumented-api-endpoint-http-method.png │ └── offat-v0.5.0.png ├── index.md ├── info.md ├── leaders.md └── src ├── .dockerignore ├── .env.sample ├── .gitignore ├── CODE_OF_CONDUCT.md ├── DISCLAIMER.md ├── DockerFiles ├── dev │ ├── backend-api-Dockerfile │ ├── backend-api-worker-Dockerfile │ └── cli-Dockerfile ├── main │ ├── backend-api-Dockerfile │ ├── backend-api-worker-Dockerfile │ └── cli-Dockerfile └── wolfi-base-Dockerfile ├── MANIFEST.in ├── Makefile ├── README.md ├── docker-compose.yml ├── offat ├── __init__.py ├── __main__.py ├── api │ ├── __init__.py │ ├── __main__.py │ ├── app.py │ ├── auth_utils.py │ ├── config.py │ ├── jobs.py │ └── schema.py ├── config_data_handler.py ├── http.py ├── logger.py ├── parsers │ ├── __init__.py │ ├── openapi.py │ ├── parser.py │ └── swagger.py ├── report │ ├── __init__.py │ ├── generator.py │ ├── summary.py │ └── templates │ │ ├── __init__.py │ │ ├── report.html │ │ └── table.py ├── tester │ ├── __init__.py │ ├── fuzzer.py │ ├── generator.py │ ├── handler.py │ ├── post_test_processor.py │ ├── regexs.py │ ├── runner.py │ └── tester_utils.py ├── tests │ ├── __init__.py │ ├── parsers │ │ ├── __init__.py │ │ └── test_parser.py │ ├── self_signed │ │ ├── __init__.py │ │ └── self_signed_server_tester.py │ ├── testers │ │ ├── __init__.py │ │ └── test_fuzzer.py │ └── utils │ │ ├── __init__.py │ │ ├── test_parse_server_url.py │ │ └── test_url_validations.py └── utils.py ├── poetry.lock └── pyproject.toml /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @dmdhrumilmistry -------------------------------------------------------------------------------- /.github/workflows/dev-push.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/.github/workflows/dev-push.yml -------------------------------------------------------------------------------- /.github/workflows/pypi-publish.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/.github/workflows/pypi-publish.yml -------------------------------------------------------------------------------- /.github/workflows/release-push.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/.github/workflows/release-push.yml -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/.gitignore -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/.pre-commit-config.yaml -------------------------------------------------------------------------------- /404.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/404.html -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/CONTRIBUTING.md -------------------------------------------------------------------------------- /Gemfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/Gemfile -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/LICENSE.md -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/README.md -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/SECURITY.md -------------------------------------------------------------------------------- /_config.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/_config.yml -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/action.yml -------------------------------------------------------------------------------- /assets/images/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/assets/images/README.md -------------------------------------------------------------------------------- /assets/images/logos/offat-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/assets/images/logos/offat-2.png -------------------------------------------------------------------------------- /assets/images/logos/offat-3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/assets/images/logos/offat-3.png -------------------------------------------------------------------------------- /assets/images/logos/offat-compressed.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/assets/images/logos/offat-compressed.png -------------------------------------------------------------------------------- /assets/images/logos/offat.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/assets/images/logos/offat.png -------------------------------------------------------------------------------- /assets/images/tests/offat-test-undocumented-api-endpoint-http-method.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/assets/images/tests/offat-test-undocumented-api-endpoint-http-method.png -------------------------------------------------------------------------------- /assets/images/tests/offat-v0.5.0.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/assets/images/tests/offat-v0.5.0.png -------------------------------------------------------------------------------- /index.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/index.md -------------------------------------------------------------------------------- /info.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/info.md -------------------------------------------------------------------------------- /leaders.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/leaders.md -------------------------------------------------------------------------------- /src/.dockerignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/.dockerignore -------------------------------------------------------------------------------- /src/.env.sample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/.env.sample -------------------------------------------------------------------------------- /src/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/.gitignore -------------------------------------------------------------------------------- /src/CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/CODE_OF_CONDUCT.md -------------------------------------------------------------------------------- /src/DISCLAIMER.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DISCLAIMER.md -------------------------------------------------------------------------------- /src/DockerFiles/dev/backend-api-Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DockerFiles/dev/backend-api-Dockerfile -------------------------------------------------------------------------------- /src/DockerFiles/dev/backend-api-worker-Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DockerFiles/dev/backend-api-worker-Dockerfile -------------------------------------------------------------------------------- /src/DockerFiles/dev/cli-Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DockerFiles/dev/cli-Dockerfile -------------------------------------------------------------------------------- /src/DockerFiles/main/backend-api-Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DockerFiles/main/backend-api-Dockerfile -------------------------------------------------------------------------------- /src/DockerFiles/main/backend-api-worker-Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DockerFiles/main/backend-api-worker-Dockerfile -------------------------------------------------------------------------------- /src/DockerFiles/main/cli-Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DockerFiles/main/cli-Dockerfile -------------------------------------------------------------------------------- /src/DockerFiles/wolfi-base-Dockerfile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/DockerFiles/wolfi-base-Dockerfile -------------------------------------------------------------------------------- /src/MANIFEST.in: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/MANIFEST.in -------------------------------------------------------------------------------- /src/Makefile: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/Makefile -------------------------------------------------------------------------------- /src/README.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/README.md -------------------------------------------------------------------------------- /src/docker-compose.yml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/docker-compose.yml -------------------------------------------------------------------------------- /src/offat/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/__main__.py -------------------------------------------------------------------------------- /src/offat/api/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/api/__main__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/api/__main__.py -------------------------------------------------------------------------------- /src/offat/api/app.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/api/app.py -------------------------------------------------------------------------------- /src/offat/api/auth_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/api/auth_utils.py -------------------------------------------------------------------------------- /src/offat/api/config.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/api/config.py -------------------------------------------------------------------------------- /src/offat/api/jobs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/api/jobs.py -------------------------------------------------------------------------------- /src/offat/api/schema.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/api/schema.py -------------------------------------------------------------------------------- /src/offat/config_data_handler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/config_data_handler.py -------------------------------------------------------------------------------- /src/offat/http.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/http.py -------------------------------------------------------------------------------- /src/offat/logger.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/logger.py -------------------------------------------------------------------------------- /src/offat/parsers/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/parsers/__init__.py -------------------------------------------------------------------------------- /src/offat/parsers/openapi.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/parsers/openapi.py -------------------------------------------------------------------------------- /src/offat/parsers/parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/parsers/parser.py -------------------------------------------------------------------------------- /src/offat/parsers/swagger.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/parsers/swagger.py -------------------------------------------------------------------------------- /src/offat/report/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/report/generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/report/generator.py -------------------------------------------------------------------------------- /src/offat/report/summary.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/report/summary.py -------------------------------------------------------------------------------- /src/offat/report/templates/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/report/templates/report.html: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/report/templates/report.html -------------------------------------------------------------------------------- /src/offat/report/templates/table.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/report/templates/table.py -------------------------------------------------------------------------------- /src/offat/tester/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/tester/fuzzer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tester/fuzzer.py -------------------------------------------------------------------------------- /src/offat/tester/generator.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tester/generator.py -------------------------------------------------------------------------------- /src/offat/tester/handler.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tester/handler.py -------------------------------------------------------------------------------- /src/offat/tester/post_test_processor.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tester/post_test_processor.py -------------------------------------------------------------------------------- /src/offat/tester/regexs.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tester/regexs.py -------------------------------------------------------------------------------- /src/offat/tester/runner.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tester/runner.py -------------------------------------------------------------------------------- /src/offat/tester/tester_utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tester/tester_utils.py -------------------------------------------------------------------------------- /src/offat/tests/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/tests/parsers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/tests/parsers/test_parser.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tests/parsers/test_parser.py -------------------------------------------------------------------------------- /src/offat/tests/self_signed/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/tests/self_signed/self_signed_server_tester.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tests/self_signed/self_signed_server_tester.py -------------------------------------------------------------------------------- /src/offat/tests/testers/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/tests/testers/test_fuzzer.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tests/testers/test_fuzzer.py -------------------------------------------------------------------------------- /src/offat/tests/utils/__init__.py: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /src/offat/tests/utils/test_parse_server_url.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tests/utils/test_parse_server_url.py -------------------------------------------------------------------------------- /src/offat/tests/utils/test_url_validations.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/tests/utils/test_url_validations.py -------------------------------------------------------------------------------- /src/offat/utils.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/offat/utils.py -------------------------------------------------------------------------------- /src/poetry.lock: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/poetry.lock -------------------------------------------------------------------------------- /src/pyproject.toml: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/OWASP/OFFAT/HEAD/src/pyproject.toml --------------------------------------------------------------------------------