creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-api-fuzzing-with-restler/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

57 lines
1.9 KiB
Markdown
Raw Blame History

# RESTler API Fuzzing — API Reference
## Installation
```bash
git clone https://github.com/microsoft/restler-fuzzer.git
python3 ./build-restler.py --dest_dir /opt/restler
```
## RESTler CLI Commands
| Command | Description |
|---------|-------------|
| `Restler compile --api_spec <spec>` | Compile OpenAPI spec to fuzzing grammar |
| `Restler test --grammar_file <g>` | Smoke test — validate endpoint reachability |
| `Restler fuzz-lean --grammar_file <g>` | Quick fuzz — one pass with all checkers |
| `Restler fuzz --grammar_file <g>` | Full fuzz — extended fuzzing campaign |
## Key CLI Flags
| Flag | Description |
|------|-------------|
| `--grammar_file` | Path to compiled grammar.py |
| `--dictionary_file` | Custom fuzzing dictionary (dict.json) |
| `--settings` | Engine settings JSON file |
| `--target_ip` | Target API hostname or IP |
| `--target_port` | Target API port |
| `--time_budget` | Max hours to run (fuzz/fuzz-lean) |
| `--enable_checkers` | Space-separated checker names |
| `--no_ssl` | Disable TLS verification |
## Security Checkers
| Checker | Detects |
|---------|---------|
| UseAfterFree | Accessing deleted resources |
| NamespaceRule | Cross-tenant data access |
| ResourceHierarchy | Wrong parent resource ID access |
| LeakageRule | Sensitive data in error responses |
| InvalidDynamicObject | Malformed object ID handling |
| PayloadBody | Request body injection flaws |
## Output Directory Structure
| Path | Contents |
|------|----------|
| `ResponseBuckets/runSummary.json` | Aggregated run statistics |
| `bug_buckets/` | Individual bug report files |
| `Compile/grammar.py` | Generated fuzzing grammar |
| `Compile/dict.json` | Fuzzing dictionary |
## External References
- [RESTler GitHub](https://github.com/microsoft/restler-fuzzer)
- [RESTler Research Paper](https://patricegodefroid.github.io/public_psfiles/icse2019.pdf)
- [Schemathesis Alternative](https://github.com/schemathesis/schemathesis)
Reference in New Issue View Git Blame Copy Permalink