Developed by: arcan3, TheM8thy
Version: 0.1
Last updated: 17/04/2023
Status: Active Development
FAPI is an API endpoint fuzzer. Once a wordlist has been selected, it sends a request to each possible endpoint using various request methods (POST, GET, PUT and DELETE) and then looks for differences within the responses.
console[~/fapi/]: python3 fapi.py -u https://api.target.com/api/ -w /opt/wordlists/api-endpoints.txt -m get,post -dl 2 -ms parameter
usage: fapi.py [-h] -u <example url> [<example url> ...] -w <wordlist> -m <method> [-dl]
               [-ms <string> [<string> ...]] [-v] [-k] [--version]

options:
  -h, --help            Display the help options.
  -u <example url> [<example url> ...], --url <example url> [<example url> ...]
                        Specify the target url after the -u flag.
  -w <wordlist>, --wordlist <wordlist>
                        Specify your chosen wordlist after the -w flag.
  -m <method>, --method <method>
                        Specify the desired request methods, accepted methods are
                        get,post,put,delete or all.
  -dl , --default_testing_length
                        Specify the testing length thats tested against.
  -ms <string> [<string> ...], --match_string <string> [<string> ...]
                        Match a specific string within the response text.
  -v, --verbose         Verbose mode
  -k, --ignore_certificates
                        Ignore SSL certificate verification.
  --version             Show fapi.py version number
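
From the defender's side, the request pattern described above (one client walking a wordlist of paths under the API root with several methods and mostly getting misses) is visible in web access logs. The following is an added example, not part of FAPI, that flags such clients; the log format, thresholds, addresses and function names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Combined-log-style line: client, method, path, status (the format is an assumption).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
METHODS = {"GET", "POST", "PUT", "DELETE"}  # the methods the fuzzer cycles through

def find_endpoint_fuzzers(lines, prefix="/api/", min_paths=20, min_miss_ratio=0.8):
    """Return {client: stats} for clients whose requests look like wordlist fuzzing.
    Thresholds are assumed values; tune them against real traffic."""
    seen = defaultdict(lambda: defaultdict(set))  # client -> path -> methods used
    total, misses = defaultdict(int), defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not parse
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]  # ignore query strings when counting paths
        if method not in METHODS or not path.startswith(prefix):
            continue
        seen[ip][path].add(method)
        total[ip] += 1
        misses[ip] += status in ("404", "405")
    flagged = {}
    for ip, by_path in seen.items():
        multi = sum(1 for used in by_path.values() if len(used) > 1)
        ratio = misses[ip] / total[ip]
        # Many distinct paths, mostly misses, most paths retried with another method.
        if (len(by_path) >= min_paths and ratio >= min_miss_ratio
                and 2 * multi >= len(by_path)):
            flagged[ip] = {"paths": len(by_path), "requests": total[ip],
                           "miss_ratio": round(ratio, 2)}
    return flagged

def constructed_sample():
    """Constructed log lines: one fuzzing client and one ordinary API client."""
    ts = "[01/Jan/2024:10:00:00 +0000]"
    out = []
    for i in range(30):
        for method in ("GET", "POST"):
            status = 200 if (i == 3 and method == "GET") else 404
            out.append(f'198.51.100.7 - - {ts} "{method} /api/word{i} HTTP/1.1" {status} 153')
    for i in range(40):
        out.append(f'203.0.113.9 - - {ts} "GET /api/users?page={i} HTTP/1.1" 200 812')
    return out

if __name__ == "__main__":
    for ip, stats in find_endpoint_fuzzers(constructed_sample()).items():
        print(ip, stats)
```

A run restricted to a single method will not satisfy the multi-method condition, so in practice the distinct-path count and miss ratio should also be alerted on by themselves.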