Syntribos is an automated API security testing tool for OpenStack APIs, provided by the OpenStack Security Project.
Given a simple configuration file and an example HTTP request, Syntribos can replace any API URL, URL parameter, HTTP header and request body field with a given set of strings. This is similar to Burp Proxy's Intruder sniper attack, but Syntribos iterates through each position automatically. Syntribos aims to automatically detect common security defects such as SQL injection, LDAP injection, buffer overflow, etc. In addition, Syntribos can be used to help identify new security defects by fuzzing.
Syntribos has the capability to test any API, but is designed with OpenStack applications in mind.
Project information
- Licence: Apache Licence
Series and milestones
trunk series is the current focus of development.
Latest bugs reported
- Bug #1837378: I am getting a below mentioned error while running Syntribos
- Bug #1826824: Replace git.openstack.org URLs with opendev.org URLs
- Bug #1749604: "LENGTH_DIFF_OVER" signal is not handled properly. As a result of which, this test case failure is reported incorrectly.
- Bug #1729797: Failed to get payloads and templates files
- Bug #1729547: Could not install syntribos from source
Latest blueprints
- Random Fuzzer engine
- Create remote repos for syntribos
- Inject payloads from remote URI
- Implement the config loading scheme (local dir, ~/.config, absolute path)
- Add support for configurable tenant id in request templates