ProductPromotion
Logo

Rust

made by https://0x3d.site

GitHub - blst-security/cherrybomb: Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests. - blst-security/cher...
Visit Site

GitHub - blst-security/cherrybomb: Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

GitHub - blst-security/cherrybomb: Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

cherry_bomb_v1.0

Maintained by blst security

docs

Discord Shield

💣 What is Cherrybomb?

Cherrybomb is an CLI tool written in Rust that helps prevent incorrect code implementation early in development. It works by validating and testing your API using an OpenAPI file. Its main goal is to reduce security errors and ensure your API functions as intended.

🔨 How does it work?

Cherrybomb makes sure your API is working correctly. It checks your API's spec file (OpenAPI Specification) for good practices and makes sure it follows the OAS rules. Then, it tests your API for common issues and vulnerabilities. If any problems are found, Cherrybomb gives you a detailed report with the exact location of the problem so you can fix it easily.

🐾 Get Started

Installation

Linux/MacOS:

DEPRECATED FOR NOW

The script requires sudo permissions to move the cherrybomb bin into /usr/local/bin/.

(If you want to view the shell script(or even help to improving it - /scripts/install.sh)

Containerized version

You can get Cherrybomb through its containerized version which is hosted on AWS ECR, and requires an API key that you can get on that address(the loading is a bit slow) - DEPRECATED FOR NOW

docker run --mount type=bind,source=[PATH TO OAS],destination=/home public.ecr.aws/blst-security/cherrybomb:latest cherrybomb -f /home/[OAS NAME] --api-key=[API-KEY]

Get it from crates.io


cargo install cherrybomb

If you don't have cargo installed, you can install it from here

Building from Sources

You can also build Cherrybomb from sources by cloning this repo, and building it using cargo.


git clone https://github.com/blst-security/cherrybomb && cd cherrybomb

The main branch's Cargo.toml file uses cherrybomb-engine and cherrybomb-oas from crates.io.

if you want build those from source too, you can change the following files:

(remove the version number and replace with the path to the local repo)

cherrybomb/Cargo.toml:
cherrybomb-engine = version => { path = "cherrybomb-engine" }
cherrybomb/cherrybomb-engine/Cargo.toml:
cherrybomb-oas = version => { path = "../cherrybomb-oas" }
cargo build --release
sudo mv ./target/release/cherrybomb /usr/local/bin # or any other directory in your PATH

Profile

Profiles allow you to choose the type of check you want to use.

- info: only generates param and endpoint tables
- normal:  both active and passive
- intrusive: active and intrusive [in development]
- passive: only passive tests
- full: all the options

Config

With a configuration file, you can easily edit, view, Cherrybomb's options. The config file allows you to set the running profile, location of the oas file, the verbosity and ignore the TLS error.

Config also allows you to override the server's URL with an array of servers, and add security to the request [in development].

Notice that CLI arguments parameter will override config options if both are set.

You can also add or remove checks from a profile using passive/active-include/exclude. [in development]

cherrybomb --config  <CONFIG_FILE>

Structure of config file:

{
"file" : "open-api.json",
"verbosity" : "normal, 
"profile" : " "Normal",
"passive_include" : ["check1, checks2"],
"active_include": ["check3, check4"],
"servers_override" , ["http://server/"],
"security":  [{
    "auth_type": "Basic",
    "auth_value" : token_value,
    "auth_scope" : scope_name
    }],
"ignore_tls_errors" : true, 
"no_color" : false,
}

Usage

After installing, verify it's working by running

cherrybomb --version

OpenAPI specification

cherrybomb --file <PATH> --profile passive

Passive Output example:

passive_output

Generate Info Table

cherrybomb --file <PATH> --profile info

Parameter table output:

parameter_output

Endpoint table output:

endpoint_output

🍻 Integration

DEPRECATED FOR NOW - WILL BE REPLACED SOON

You can embed it into your CI pipeline, and If you plan on doing that I would recommend that you go to our website, sign up, go through the CI pipeline integration wizard, and copy the groovy/GitHub actions snippet built for you.

Example:

CI pipeline builder output

💪 Support

Get help

If you have any questions you can ask us on our discord server.

You are also welcome to open an Issue here on GitHub.

More Resources
to explore the angular.

mail [email protected] to add your project or resources here 🔥.

Related Articles
to learn about angular.

FAQ's
to learn more about Angular JS.

mail [email protected] to add more queries here 🔍.

More Sites
to check out once you're finished browsing here.

0x3d
https://www.0x3d.site/
0x3d is designed for aggregating information.
NodeJS
https://nodejs.0x3d.site/
NodeJS Online Directory
Cross Platform
https://cross-platform.0x3d.site/
Cross Platform Online Directory
Open Source
https://open-source.0x3d.site/
Open Source Online Directory
Analytics
https://analytics.0x3d.site/
Analytics Online Directory
JavaScript
https://javascript.0x3d.site/
JavaScript Online Directory
GoLang
https://golang.0x3d.site/
GoLang Online Directory
Python
https://python.0x3d.site/
Python Online Directory
Swift
https://swift.0x3d.site/
Swift Online Directory
Rust
https://rust.0x3d.site/
Rust Online Directory
Scala
https://scala.0x3d.site/
Scala Online Directory
Ruby
https://ruby.0x3d.site/
Ruby Online Directory
Clojure
https://clojure.0x3d.site/
Clojure Online Directory
Elixir
https://elixir.0x3d.site/
Elixir Online Directory
Elm
https://elm.0x3d.site/
Elm Online Directory
Lua
https://lua.0x3d.site/
Lua Online Directory
C Programming
https://c-programming.0x3d.site/
C Programming Online Directory
C++ Programming
https://cpp-programming.0x3d.site/
C++ Programming Online Directory
R Programming
https://r-programming.0x3d.site/
R Programming Online Directory
Perl
https://perl.0x3d.site/
Perl Online Directory
Java
https://java.0x3d.site/
Java Online Directory
Kotlin
https://kotlin.0x3d.site/
Kotlin Online Directory
PHP
https://php.0x3d.site/
PHP Online Directory
React JS
https://react.0x3d.site/
React JS Online Directory
Angular
https://angular.0x3d.site/
Angular JS Online Directory