Susanoo is a REST API security testing framework. 

* API Vulnerability Scan
	**  Scans for following bugs:
		***   Indirect Object References
		***   Authentication issues
		***   SQL injections
		***   Error stacks

* Smoke Scan
	**  A known Proof-of-concept can be configured to run daily/weekly etc.

Susanoo takes yaml files in configuration. Please check the examples folder for sample configuration files.

	resource --> static
		Eg: In the following example the value "password" is used for grant_type:

			password: {"type":"resource", "required":True, "value":"p@ssw0rd"}

	hex-n:
		Generate hex of length n.
			Eg: a hex value of length 16 is generated for uniqueId in below example:

				id: {'type':'hex-16', 'required': True} 

	int-n:
		Generates int of size n
			Eg: a int value of size 4 is generated for uniqueId in below example:
			
				bonus: {'type':'int-4', 'required':'True'}

	email:
		Generates random email id
			Eg: a random email id is generated and assigned for email_id

				email_id: {"type":"email", "required":True}

	username:
		Generates random username
			Eg: a random username is generated and assigned for username

				username: {"type":"username", "required":True}

	string:
		Generates random strings
			Eg: generates random strings of variable length.

				string: {"type":"string", "required":True}

^^/D/projects >>> git clone https://github.com/ant4g0nist/susanoo
^^/D/projects >>> cd susanoo
^^/D/p/susanoo >>> sudo pip install -r requirements.txt

^^/D/p/susanoo >>> cd db
^^/D/p/s/db >>> sudo mongod --dbpath . --bind_ip=127.0.0.1	

^^/D/p/susanoo >>> python susanoo.py