internal/

directory
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 22, 2026 License: MIT

Directories

Path Synopsis
Package browser uses a headless Chromium instance to discover API definitions behind JavaScript-rendered docs UIs (ReDoc, RapiDoc, swagger-ui) by watching the network for the spec request the page makes after it loads.
Package browser uses a headless Chromium instance to discover API definitions behind JavaScript-rendered docs UIs (ReDoc, RapiDoc, swagger-ui) by watching the network for the spec request the page makes after it loads.
Package detect identifies whether a URL/response exposes a Swagger/OpenAPI definition and, if so, loads it into a normalized spec.
Package detect identifies whether a URL/response exposes a Swagger/OpenAPI definition and, if so, loads it into a normalized spec.
Package discover actively probes targets for exposed Swagger/OpenAPI endpoints using the flagship wordlist, content matchers, and random-path false-positive suppression (technique from brinhosa/apidetector).
Package discover actively probes targets for exposed Swagger/OpenAPI endpoints using the flagship wordlist, content matchers, and random-path false-positive suppression (technique from brinhosa/apidetector).
Package exploit verifies known Swagger-UI client-side vulnerabilities (configUrl/url DOM XSS, spec-driven HTML injection) using a headless browser for high-accuracy confirmation.
Package exploit verifies known Swagger-UI client-side vulnerabilities (configUrl/url DOM XSS, spec-driven HTML injection) using a headless browser for high-accuracy confirmation.
Package httpclient provides a shared, rate-limited, concurrent HTTP client used across all SwaggerVu modules.
Package httpclient provides a shared, rate-limited, concurrent HTTP client used across all SwaggerVu modules.
Package osint performs passive discovery of public API definitions via the SwaggerHub spec-search API (technique from UndeadSec/SwaggerSpy).
Package osint performs passive discovery of public API definitions via the SwaggerHub spec-search API (technique from UndeadSec/SwaggerSpy).
Package output centralizes result formatting (console, txt, json) for SwaggerVu.
Package output centralizes result formatting (console, txt, json) for SwaggerVu.
Package requestgen turns a normalized OpenAPI spec into concrete HTTP requests, generating example values from schemas (ported/extended from BishopFox/sj).
Package requestgen turns a normalized OpenAPI spec into concrete HTTP requests, generating example values from schemas (ported/extended from BishopFox/sj).
Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).
Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).
Package secrets scans text (spec bodies, API responses) for leaked credentials using the merged TruffleHog/SwaggerSpy regex corpus.
Package secrets scans text (spec bodies, API responses) for leaked credentials using the merged TruffleHog/SwaggerSpy regex corpus.
Package spec loads and normalizes Swagger 2.0 / OpenAPI 3.x definitions from JSON, YAML, or JavaScript-embedded sources into a single openapi3 document.
Package spec loads and normalizes Swagger 2.0 / OpenAPI 3.x definitions from JSON, YAML, or JavaScript-embedded sources into a single openapi3 document.
Package wayback harvests a target's archived URLs from the Wayback Machine CDX API and filters them down to API/Swagger-looking endpoints.
Package wayback harvests a target's archived URLs from the Wayback Machine CDX API and filters them down to API/Swagger-looking endpoints.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL