swaggervu

command module
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 23, 2026 License: MIT Imports: 1 Imported by: 0

README ΒΆ

SwaggerVu

The all-in-one Swagger / OpenAPI discovery, audit & testing toolkit.
Find API docs across thousands of targets, parse any spec, hunt for unauthenticated data exposure & secrets, and confirm client-side CVEs with a headless browser β€” in a single static Go binary.

For authorized security testing and bug-bounty use only.

CI Latest release Go Report Card Go 1.26


Why SwaggerVu

Most Swagger tooling does exactly one thing β€” brute a path list, or parse a spec, or check a single CVE. SwaggerVu fuses the best ideas from across the ecosystem into one cohesive tool:

Capability What it does
πŸ”­ Discover Probe up to thousands of hosts with a curated flagship wordlist, confirm hits with content matchers, and kill false positives with random-path baselining.
πŸ•°οΈ Wayback Harvest a domain's archived API URLs from the Wayback Machine and feed them straight into discovery β€” discover --wayback.
πŸ›°οΈ OSINT Find public definitions on SwaggerHub by domain/keyword β€” discover --osint.
🧬 Detect / Parse Identify Swagger 2.0, OpenAPI 3.0 & 3.1 from JSON, YAML, or JS-embedded specs β€” auto-converting v2β†’v3.
🎯 Scan Generate one request per operation from the spec, skip 401/403, and flag endpoints that return data without auth (broken access control / data exposure).
πŸ”‘ Secrets Regex corpus (TruffleHog-style + SwaggerSpy) over the spec document and live responses β€” runs automatically inside scan and all.
πŸ§ͺ Exploit Confirm Swagger-UI configUrl / url DOM XSS and spec-driven HTML injection with a real headless browser and screenshot evidence β€” opt-in & gated. Reads the browser console to distinguish a genuine miss from a CORS-blocked PoC fetch, and accepts your own payload host.
πŸ› οΈ Prepare Emit ready-to-run curl / sqlmap commands per endpoint for manual testing β€” scan --emit curl|sqlmap.

Built on kin-openapi (parsing), chromedp (headless confirmation), and a global, rate-limited worker pool that comfortably handles large target lists.

Install

Prebuilt binary (recommended) β€” grab the latest static binary for your OS/arch from the releases page, no toolchain required.

From source:

go install github.com/codejavu-llc/swaggervu@latest
# or
git clone https://github.com/codejavu-llc/swaggervu && cd swaggervu && go build -o swaggervu .

The exploit subcommand needs Chrome or Chromium installed (for headless confirmation).

Demo

One command, browser-confirmed findings, evidence you can paste straight into a report:

swaggervu all acc.example.com --screenshots ./evidence --md -o report.md

Documentation ΒΆ

The Go Gopher

There is no documentation for this package.

Directories ΒΆ

Path Synopsis
Package data holds embedded wordlists, content matchers, secret regexes, and the CVE registry that power SwaggerVu.
Package data holds embedded wordlists, content matchers, secret regexes, and the CVE registry that power SwaggerVu.
internal
browser
Package browser uses a headless Chromium instance to discover API definitions behind JavaScript-rendered docs UIs (ReDoc, RapiDoc, swagger-ui) by watching the network for the spec request the page makes after it loads.
Package browser uses a headless Chromium instance to discover API definitions behind JavaScript-rendered docs UIs (ReDoc, RapiDoc, swagger-ui) by watching the network for the spec request the page makes after it loads.
detect
Package detect identifies whether a URL/response exposes a Swagger/OpenAPI definition and, if so, loads it into a normalized spec.
Package detect identifies whether a URL/response exposes a Swagger/OpenAPI definition and, if so, loads it into a normalized spec.
discover
Package discover actively probes targets for exposed Swagger/OpenAPI endpoints using the flagship wordlist, content matchers, and random-path false-positive suppression (technique from brinhosa/apidetector).
Package discover actively probes targets for exposed Swagger/OpenAPI endpoints using the flagship wordlist, content matchers, and random-path false-positive suppression (technique from brinhosa/apidetector).
exploit
Package exploit verifies known Swagger-UI client-side vulnerabilities (configUrl/url DOM XSS, spec-driven HTML injection) using a headless browser for high-accuracy confirmation.
Package exploit verifies known Swagger-UI client-side vulnerabilities (configUrl/url DOM XSS, spec-driven HTML injection) using a headless browser for high-accuracy confirmation.
httpclient
Package httpclient provides a shared, rate-limited, concurrent HTTP client used across all SwaggerVu modules.
Package httpclient provides a shared, rate-limited, concurrent HTTP client used across all SwaggerVu modules.
osint
Package osint performs passive discovery of public API definitions via the SwaggerHub spec-search API (technique from UndeadSec/SwaggerSpy).
Package osint performs passive discovery of public API definitions via the SwaggerHub spec-search API (technique from UndeadSec/SwaggerSpy).
output
Package output centralizes result formatting (console, txt, json) for SwaggerVu.
Package output centralizes result formatting (console, txt, json) for SwaggerVu.
requestgen
Package requestgen turns a normalized OpenAPI spec into concrete HTTP requests, generating example values from schemas (ported/extended from BishopFox/sj).
Package requestgen turns a normalized OpenAPI spec into concrete HTTP requests, generating example values from schemas (ported/extended from BishopFox/sj).
scan
Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).
Package scan audits a loaded spec by generating and firing one request per operation, flagging endpoints reachable without auth and leaking data (skip-401/403 + largest-response BOLA heuristic from intruder-io/autoswagger).
secrets
Package secrets scans text (spec bodies, API responses) for leaked credentials using the merged TruffleHog/SwaggerSpy regex corpus.
Package secrets scans text (spec bodies, API responses) for leaked credentials using the merged TruffleHog/SwaggerSpy regex corpus.
spec
Package spec loads and normalizes Swagger 2.0 / OpenAPI 3.x definitions from JSON, YAML, or JavaScript-embedded sources into a single openapi3 document.
Package spec loads and normalizes Swagger 2.0 / OpenAPI 3.x definitions from JSON, YAML, or JavaScript-embedded sources into a single openapi3 document.
textutil
Package textutil provides small text-similarity helpers shared across modules (discovery false-positive baselining and authenticated-response diffing).
Package textutil provides small text-similarity helpers shared across modules (discovery false-positive baselining and authenticated-response diffing).
wayback
Package wayback harvests a target's archived URLs from the Wayback Machine CDX API and filters them down to API/Swagger-looking endpoints.
Package wayback harvests a target's archived URLs from the Wayback Machine CDX API and filters them down to API/Swagger-looking endpoints.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL