OpenSec Atlas

go-pwn-swagger: An Open Source Tool for Application Security | OpenSec Atlas

Application Security

Tool

go-pwn-swagger

A Go-based tool that detects Swagger UI versions and scans for associated vulnerabilities to help secure API documentation interfaces.

View on GitHub

About This Tool

A comprehensive Swagger UI version detection and vulnerability scanner written in Go.

Primary Use Case

This tool is designed for security professionals, developers, and API maintainers to accurately identify the Swagger UI version deployed on web applications and detect known security vulnerabilities tied to those versions. It aids in proactive security assessments and vulnerability management of API documentation interfaces.

Key Features

Detects Swagger UI versions from v1.x to v5.x using multiple detection methods
Identifies known vulnerabilities associated with specific Swagger UI versions
Supports concurrent scanning of multiple targets
Provides detailed vulnerability information and references
Uses headless browser capabilities for dynamic JavaScript detection
Offers both CLI output and JSON export options
Multiple detection methods including JavaScript execution, static JS pattern analysis, DOM structure analysis, asset filename inspection, and HTTP header analysis

Insights & Recommendations

The tool requires Go 1.23+ and a Chrome/Chromium browser installed for headless JavaScript execution. Swagger UI version detection relies on heuristics and multiple methods but may not be 100% accurate; manual verification of findings is recommended before making security decisions.

Installation

Ensure Go 1.23 or higher is installed
Install Chrome or Chromium browser for headless detection
Run `go install -v github.com/Abhinandan-Khurana/go-pwn-swagger@latest` to install directly
Alternatively, clone the repository with `git clone https://github.com/Abhinandan-Khurana/go-pwn-swagger.git`
Navigate into the cloned directory with `cd go-pwn-swagger`
Install dependencies using `go mod tidy`
Build the binary with `go build -o go-pwn-swagger`

Usage

./go-pwn-swagger -url https://example.com/swagger-ui/

Scan a single URL for Swagger UI version and vulnerabilities

./go-pwn-swagger -file urls.txt -concurrency 10

Scan multiple URLs listed in a file with a concurrency level of 10

./go-pwn-swagger -url https://example.com/swagger-ui/ -output results.json

Scan a single URL and output the results in JSON format to a file

./go-pwn-swagger -url https://example.com/swagger-ui/ -verbose

Run a scan with verbose output enabled for detailed logging

./go-pwn-swagger -help

Display help information and usage instructions

Smart Usage Notes

Integrate the tool into CI/CD pipelines to automate Swagger UI vulnerability detection during development cycles.Use concurrent scanning capabilities to efficiently assess large API environments and reduce assessment time.Combine with exploit frameworks like Metasploit to automate exploitation of detected vulnerable Swagger UI versions for red team exercises.Leverage JSON output for integration with SIEM or vulnerability management platforms to enhance blue team situational awareness.Employ headless browser detection to uncover vulnerabilities hidden behind dynamic JavaScript rendering, improving detection accuracy.