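#!/bin/bash
# XSS Scanner API Test Commands
# Run these curl commands to test your API endpoints
#
# Usage:
#   XSS_SCANNER_API_KEY=<key> ./test_api_curl.sh
#
# Environment (both optional):
#   XSS_SCANNER_BASE_URL  API root; defaults to http://localhost:8000
#   XSS_SCANNER_API_KEY   value sent as X-API-Key; defaults to the
#                         placeholder 'your-api-key-here'
#
# The "code" values in the payloads are sample inputs for the scanner to
# analyse; this script only submits them as JSON strings and prints the reply.

# Abort on unset variables. -e is deliberately not set: every test should
# still run when an earlier request fails (e.g. the server is down).
set -u

# NOTE: the default URL is plain http on loopback. If XSS_SCANNER_BASE_URL
# points at another host, use https so the API key is not sent in cleartext.
readonly BASE_URL="${XSS_SCANNER_BASE_URL:-http://localhost:8000}"
readonly API_KEY="${XSS_SCANNER_API_KEY:-your-api-key-here}"

# Printed by curl after each response body so the HTTP status is visible,
# which matters most for the invalid-key test.
readonly STATUS_FMT='\n[HTTP %{http_code}]\n'

#######################################
# POST a JSON payload to the scan endpoint.
# Globals:   BASE_URL (read), STATUS_FMT (read)
# Arguments: $1 - API key to send in the X-API-Key header
#            $2 - JSON request body
# Outputs:   response body and an "[HTTP <code>]" line on stdout
# Returns:   curl's exit status
#######################################
post_scan() {
  local key=$1
  local payload=$2

  # The key header is fed to curl on stdin (-H @-, curl >= 7.55) instead of
  # being placed on the command line, where it would show up in process
  # listings. printf is a shell builtin, so the key never enters any argv.
  printf 'X-API-Key: %s\n' "$key" |
    curl -X POST "${BASE_URL}/api/scan" \
      -H "Content-Type: application/json" \
      -H @- \
      -w "$STATUS_FMT" \
      -d "$payload"
}

printf '%s\n' "🧪 XSS Scanner API Tests"
printf '%s\n' "========================"

# Test API Status
printf '\n1. Testing API Status:\n'
curl "${BASE_URL}/api/status" \
  -H "Content-Type: application/json" \
  -w "$STATUS_FMT"

# Test XSS Scanning
printf '\n\n2. Testing XSS Scan (Basic innerHTML):\n'
post_scan "$API_KEY" '{
"code": "document.getElementById(\"content\").innerHTML = userInput;",
"options": {
"scan_type": "full",
"severity_threshold": "medium"
}
}'

printf '\n\n3. Testing XSS Scan (Multiple vulnerabilities):\n'
post_scan "$API_KEY" '{
"code": "<script>var userInput = \"<script>alert(1)</script>\"; document.getElementById(\"content\").innerHTML = userInput; eval(\"alert(2)\"); document.write(\"<img src=x onerror=alert(3)>\");</script>",
"options": {
"scan_type": "full",
"severity_threshold": "low"
}
}'

printf '\n\n4. Testing XSS Scan (Safe code):\n'
post_scan "$API_KEY" '{
"code": "<script>document.getElementById(\"content\").textContent = userInput; console.log(\"safe\");</script>",
"options": {
"scan_type": "full",
"severity_threshold": "medium"
}
}'

# Negative test: this request should be rejected. Which status code and body
# the server uses for that is defined by the API, not by this script, so
# check the [HTTP ...] line; a normal scan result here means the key check
# is not being enforced.
printf '\n\n5. Testing Invalid API Key:\n'
post_scan "invalid-key" '{
"code": "document.getElementById(\"content\").innerHTML = userInput;",
"options": {
"scan_type": "full",
"severity_threshold": "medium"
}
}'

# The original separator line had an unbalanced double quote, which left the
# script ending in an unterminated string (a bash syntax error at EOF).
printf '\n\n====================\n'
printf '%s\n' "📝 Notes:"
printf '%s\n' "- Replace 'your-api-key-here' with your actual API key"
printf '%s\n' "- Or export XSS_SCANNER_API_KEY so the key is never written into this file"
printf '%s\n' "- Make sure your API server is running on localhost:8000"
printf '%s\n' "- Check the JSON responses for vulnerability details"
printf '%s\n' "- Use the test_code_samples.txt file for more test cases"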