Created
August 9, 2022 14:15
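#!/bin/bash
#
# Interactive wrapper around the Mayhem for API CLI (`mapi`).
#
# Flow: install `mapi` if it is not on PATH, prompt for the target details,
# optionally run `mapi login`, echo the input back for confirmation, then
# start a fuzz run with `mapi run`.
#
# Requires: curl and sudo (only when mapi has to be installed).

readonly MAPI_URL='https://mayhem4api.forallsecure.com/downloads/cli/latest/linux-musl/mapi'

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Reject empty values and values that start with '-': the answers are passed
# to `mapi run` as positional arguments, so a leading dash would be parsed as
# an option instead of data.
# Arguments: $1 - label used in the error message, $2 - value to check
require_value() {
  local label=$1 value=$2
  [[ -n "$value" ]] || die "$label must not be empty"
  [[ "$value" != -* ]] || die "$label must not start with '-'"
}

#----------- Setup Mapi Start --------------#
echo "Checking if mapi exists"
if ! command -v mapi >/dev/null 2>&1; then
  echo "Executable for MAPI has not been found"
  echo "Performing automated installation"

  # Download into a private temp dir rather than the current directory, so a
  # pre-existing or attacker-planted ./mapi is never the file that gets
  # installed.
  tmp_dir=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "${tmp_dir:?}"' EXIT

  # --fail: an HTTP error page must not be saved and installed as the binary.
  # --proto/--proto-redir: refuse any downgrade from HTTPS, also on redirects.
  curl --fail --location --proto '=https' --proto-redir '=https' --tlsv1.2 \
    --output "$tmp_dir/mapi" "$MAPI_URL" \
    || die "Download of mapi failed"

  # NOTE(review): nothing here verifies a checksum or signature for the
  # download; integrity rests on TLS to the vendor host alone. Pin and compare
  # a vendor-published digest before installing if one is available.

  # install(1) sets owner and mode explicitly. A plain `sudo mv` would leave
  # the binary owned by the invoking user, i.e. a user-writable executable in
  # a root-owned PATH directory.
  sudo install -o root -g root -m 0755 "$tmp_dir/mapi" /usr/local/bin/mapi \
    || die "Installation of mapi failed"
else
  echo "Executable for mapi found, proceeding with a script"
  echo "-----------------------------"
fi
#----------- Setup Mapi End --------------#

#----------- Init Setup Start -----------#
# read -r keeps backslashes in URLs and paths literal.
echo "Enter the name of the API you will be fuzzing"
read -r API_NAME
echo "Enter API URL (Please append everything after fqdn first forward slash)"
read -r API_LINK
echo "Enter APi's OpenApi Specification URL or directory of the open-api.json on your machine"
read -r OPEN_API_SPECIFICATION
echo "Enter the length of the fuzz [Auto for automatic testing length, [10m or 10min] for 10 minutes, [20m or 20min] for 20 minutes and etc."
read -r TEST_LENGTH
echo "-----------------------------"

require_value "API name" "$API_NAME"
require_value "API URL" "$API_LINK"
require_value "OpenAPI specification" "$OPEN_API_SPECIFICATION"
require_value "Test length" "$TEST_LENGTH"

##----------- Confirm Mapi Login Start -----------#
read -r -p "Are you authenticated with MAPI ?(y/N) " yn0
if [[ $yn0 =~ ^[Yy]$ ]]; then
  echo "Skipping authentication script"
else
  mapi login || die "mapi login failed"
fi
##----------- Confirm Mapi Login End -----------#
#----------- Init Setup end -----------#

#----------- Input Confirm Start -----------#
echo "-----------------------------"
echo "These are the specifications you have entered: "
# printf '%s' prints the answers verbatim; an unquoted echo would word-split
# and glob-expand them.
printf 'Name:  %s\n' "$API_NAME"
printf 'API Link:  %s\n' "$API_LINK"
printf 'Open API specification URL or path to the file on the host  %s\n' "$OPEN_API_SPECIFICATION"
printf 'Desired testing length:  %s\n' "$TEST_LENGTH"
echo "-----------------------------"
read -r -p "Please confirm the input is correct? (y/N) " yn2
#----------- Input Confirm end -----------#

#----------- Script Logic Start -----------#
if [[ ! $yn2 =~ ^[Yy]$ ]]; then
  echo "Exiting the Script......"
  echo "*************************************************"
  echo "Script written by Karolis Jovaisas ## [email protected]##"
  echo "*************************************************"
  exit 0
fi

read -r -p "Do you wish to run MAPI in interactive mode? (y/N) " yn1
# NOTE(review): both answers start the identical `mapi run` command; only the
# message differs. If the CLI has a dedicated interactive switch it is not
# passed here - confirm against `mapi run --help`.
if [[ $yn1 =~ ^[Yy]$ ]]; then
  echo "Running MAPI in interactive mode, pres Q or CMND+C to exit the interactive shell when scan is done"
else
  echo "Running MAPI in CLI Mode"
fi

# `wait` takes a PID or job spec and does not pause; `sleep` gives the operator
# the intended five seconds to read the message.
sleep 5

# NOTE(review): confirm what -k means for `mapi run`; if it relaxes TLS
# certificate verification, drop it outside lab targets.
# Every answer is quoted so spaces or glob characters cannot split it into
# extra arguments.
mapi run -k \
  --url "$API_LINK/api/" \
  "$API_NAME" \
  "$TEST_LENGTH" \
  "$OPEN_API_SPECIFICATION"
#----------- Script Logic End -----------#

#----------- Credits Start -----------#
echo "*************************************************"
echo "You can find the results of the fuzz in your mapi dashboard"
echo "Script written by Karolis Jovaisas ## [email protected]##"
echo "*************************************************"
#----------- Credits End -----------#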