import requests
import re
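def test_chatbot_api_vulnerabilities(base_url, api_endpoints, *, timeout=10):
    """Run three coarse HTTP probes against a chatbot API and print findings.

    Each probe is a heuristic, not a verdict: every printed line is a lead to
    be confirmed by hand and can be a false positive.

    * ``auth``: a 200 response to a GET carrying the placeholder bearer token
      below is reported as authentication possibly not being enforced. The
      endpoint may simply be public, or may answer 200 with an error body.
    * ``data``: the response body is scanned for the words "password",
      "secret" and "token" (case-insensitive). A matching field *name* is not
      the same as a secret *value* being disclosed.
    * ``interaction``: each payload is POSTed as ``{"message": ...}`` and the
      response is flagged when its JSON body has no ``"error"`` key. A chatbot
      that answers or echoes any input will trip this for every payload, so
      the flag alone is not evidence of SQL injection.

    Args:
        base_url: Prefix joined directly (no separator is added) with each
            endpoint path.
        api_endpoints: Mapping with the keys ``'auth'``, ``'data'`` and
            ``'interaction'``.
        timeout: Seconds passed to every ``requests`` call so a stalled
            server cannot hang the run indefinitely (``requests`` applies no
            timeout by default).

    Returns:
        None. Findings are only printed; nothing is recorded or returned.

    Raises:
        KeyError: if ``api_endpoints`` lacks one of the required keys.
        requests.RequestException: on connection errors or timeouts.
    """
    # Placeholder credential; left as-is, the 'auth' probe is really an
    # invalid-token request, which is what the 200 check above relies on.
    headers = {'Authorization': 'Bearer YOUR_ACCESS_TOKEN'}

    # Probe 1: does the auth endpoint accept a request with this token?
    response = requests.get(
        f"{base_url}{api_endpoints['auth']}", headers=headers, timeout=timeout
    )
    if response.status_code == 200:
        print("Authentication might not be enforced properly.")

    # Probe 2: sensitive-looking words anywhere in the data endpoint's body.
    response = requests.get(
        f"{base_url}{api_endpoints['data']}", headers=headers, timeout=timeout
    )
    sensitive_data_patterns = ["password", "secret", "token"]
    for pattern in sensitive_data_patterns:
        if re.search(pattern, response.text, re.IGNORECASE):
            print(f"Sensitive data ({pattern}) exposed.")

    # Probe 3: "no error key" heuristic on the interaction endpoint.
    sql_payloads = ["' OR '1'='1", "' OR '1'='2", "'; DROP TABLE members; --"]
    for payload in sql_payloads:
        response = requests.post(
            f"{base_url}{api_endpoints['interaction']}",
            headers=headers,
            json={'message': payload},
            timeout=timeout,
        )
        try:
            body = response.json()
        except ValueError:
            # Non-JSON body: the "error"-key heuristic cannot be evaluated,
            # so treat this payload as inconclusive instead of crashing
            # mid-loop as the unguarded .json() call did.
            continue
        if "error" not in body:
            print(f"Potentially vulnerable to SQL injection: {payload}")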
# Ejemplo de uso
# base_url = "http://example.com/api/"
# api_endpoints = {
# 'auth': 'auth',
# 'data': 'userdata',
# 'interaction': 'interaction'
# }
# test_chatbot_api_vulnerabilities(base_url, api_endpoints)