Skip to content

arash-mazidi/LightMass

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.settings
.settings
 
 
resource
resource
 
 
src/main/java/Parser
src/main/java/Parser
 
 
target/classes
target/classes
 
 
.classpath
.classpath
 
 
.project
.project
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config.json
config.json
 
 
pom.xml
pom.xml
 
 

Repository files navigation

LightMass: Mining REST APIs for Potential Mass Assignment Vulnerabilities

What is LightMass?

It is a tool that mines the openAPI specifications of REST APIs and identifies candidate endpoints, operations and attributes for mass assignment vulnerabilities.

How to configure LightMass?

There is a config.json file where you can set the following parameters:

"openAPIname" --> Name of the openAPI that LighMass should mine.

"threshold" --> Threshold for identifying similar operations.

You also need to copy the openAPI specification in the resource folder.

How LightMass works?

1- It reads the openAPI specification from the "resource" folder.

2- It parses each specification file.

3- It reports potential vulnerable endpoints, operations, and attributes in each API.

About

LightMass: A tool that mines REST APIs for potential mass assignment vulnerabilities

Topics

rest-api mass-assignment-vulnerabilities

Resources

Readme

License

MIT license
Activity

Stars

4 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages