lijiejie / swagger-exp
A Swagger API Exploit
Traceback (most recent call last):
File "/root/mytools/swagger-exp/./swagger-exp.py", line 10, in
import urlparse
ModuleNotFoundError: No module named 'urlparse'
It was running fine at first, then this happened partway through:
Traceback (most recent call last):
File "C:\Users\Lenov\Downloads\swagger-exp-master\swagger-exp-master\swagger-exp.py", line 109, in process_doc
scan_api(method, base_url, path, params_str)
File "C:\Users\Lenov\Downloads\swagger-exp-master\swagger-exp-master\swagger-exp.py", line 130, in scan_api
r = requests.post(api_url, data=_params_str, headers=headers, verify=False)
File "D:\py\lib\site-packages\requests\api.py", line 115, in post
return request("post", url, data=data, json=json, **kwargs)
File "D:\py\lib\site-packages\requests\api.py", line 59, in request
return session.request(method=method, url=url, **kwargs)
File "D:\py\lib\site-packages\requests\sessions.py", line 589, in request
resp = self.send(prep, **send_kwargs)
File "D:\py\lib\site-packages\requests\sessions.py", line 703, in send
r = adapter.send(request, **kwargs)
File "D:\py\lib\site-packages\requests\adapters.py", line 486, in send
resp = conn.urlopen(
File "D:\py\lib\site-packages\urllib3\connectionpool.py", line 699, in urlopen
httplib_response = self._make_request(
File "D:\py\lib\site-packages\urllib3\connectionpool.py", line 394, in _make_request
conn.request(method, url, **httplib_request_kw)
File "D:\py\lib\site-packages\urllib3\connection.py", line 234, in request
super(HTTPConnection, self).request(method, url, body=body, headers=headers)
File "D:\py\lib\http\client.py", line 1282, in request
self._send_request(method, url, body, headers, encode_chunked)
File "D:\py\lib\http\client.py", line 1327, in _send_request
body = _encode(body, 'body')
File "D:\py\lib\http\client.py", line 166, in _encode
raise UnicodeEncodeError(
UnicodeEncodeError: 'latin-1' codec can't encode characters in position 13-22: Body ('云集提交人脸认证结果') is not valid Latin-1. Use body.encode('utf-8') if you want to send it encoded in UTF-8.
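Currently only Swagger v2 is supported and v3 is incompatible. Could Swagger v3 be supported?
"and disable CORS", haha, Jiejie made a typo
Senior, does it support detecting https websites?
It can't detect it; it just opened Google Chrome directly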
FastAPI
0.1.0
OAS3
/openapi.json
$ python swagger-exp.py http://10.139.14.14:8086/v2/api-docs
[10:18:24] [OK] [API set] http://10.139.14.14:8086/v2/api-docs
[10:18:24] [POST] http://10.139.14.14:8086/user/add userVo={OBJECT_UserVo}
[10:18:24] [Request] POST http://10.139.14.14:8086/user/add
userVo={OBJECT_UserVo}
[10:18:24] [Response] Code: 415 Content-Type: application/json Content-Length: 105
[10:18:24] [POST] http://10.139.14.14:8086/area/saveArea areaVo={OBJECT_区域实体}
Traceback (most recent call last):
File "swagger-exp.py", line 108, in process_doc
scan_api(method, base_url, path, params_str)
File "swagger-exp.py", line 129, in scan_api
r = requests.post(api_url, data=_params_str, headers=headers, verify=False)
File "X:\Python27\lib\site-packages\requests\api.py", line 116, in post
return request('post', url, data=data, json=json, **kwargs)
File "X:\Python27\lib\site-packages\requests\api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "X:\Python27\lib\site-packages\requests\sessions.py", line 533, in request
resp = self.send(prep, **send_kwargs)
File "X:\Python27\lib\site-packages\requests\sessions.py", line 646, in send
r = adapter.send(request, **kwargs)
File "X:\Python27\lib\site-packages\requests\adapters.py", line 449, in send
timeout=timeout
File "X:\Python27\lib\site-packages\urllib3\connectionpool.py", line 600, in urlopen
chunked=chunked)
File "X:\Python27\lib\site-packages\urllib3\connectionpool.py", line 354, in _make_request
conn.request(method, url, **httplib_request_kw)
File "X:\Python27\lib\httplib.py", line 1042, in request
self._send_request(method, url, body, headers)
File "X:\Python27\lib\httplib.py", line 1082, in _send_request
self.endheaders(body)
File "X:\Python27\lib\httplib.py", line 1038, in endheaders
self._send_output(message_body)
File "X:\Python27\lib\httplib.py", line 886, in _send_output
self.send(message_body)
File "X:\Python27\lib\httplib.py", line 858, in send
self.sock.sendall(data)
File "X:\Python27\lib\socket.py", line 228, in meth
return getattr(self._sock,name)(*args)
UnicodeEncodeError: 'ascii' codec can't encode characters in position 15-18: ordinal not in range(128)
[10:18:24] [process_doc error][http://10.139.14.14:8086/v2/api-docs] 'ascii' codec can't encode characters in position 15-18: ordinal not in range(128)
[10:18:24] Swagger UI Server on: http://127.0.0.1:2587
[10:18:24] Open Swagger UI with chrome
1[10:18:27] Server shutdown.27.0.0.1 - - [22/Oct/2021 10:18:27] "GET /api_summary.txt HTTP/1.1" 200 -
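The host in the API document is 127.0.0.1, which causes the scan to fail. Suggestion: allow the JSON document to be edited manually when the scan starts.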
I can't understand how to use it, is there a missing file? Can you make a small tutorial on how to use it?