Skip to content

Commit 715f89e

Browse files
author
Lukas Geiger
committed
chore: harden ApiProber packaging and CI
1 parent cf2aa3a commit 715f89e

12 files changed

Lines changed: 278 additions & 46 deletions

File tree

.github/workflows/stale.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ jobs:
1313
stale:
1414
runs-on: ubuntu-latest
1515
steps:
16-
- uses: actions/stale@v9
16+
- uses: actions/stale@v10
1717
with:
1818
stale-issue-message: >
1919
This issue has been automatically marked as stale because it has not had

.github/workflows/tests.yml

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
name: ApiProber smoke tests
2+
3+
on:
4+
push:
5+
branches: [main]
6+
pull_request:
7+
branches: [main]
8+
workflow_dispatch:
9+
10+
permissions:
11+
contents: read
12+
13+
jobs:
14+
test:
15+
runs-on: ubuntu-latest
16+
strategy:
17+
fail-fast: false
18+
matrix:
19+
python-version: ["3.10", "3.11", "3.12"]
20+
21+
steps:
22+
- name: Check out repository
23+
uses: actions/checkout@v4
24+
25+
- name: Set up Python
26+
uses: actions/setup-python@v5
27+
with:
28+
python-version: ${{ matrix.python-version }}
29+
30+
- name: Install test dependencies
31+
run: python -m pip install --upgrade pip pytest
32+
33+
- name: Run smoke tests
34+
run: python -m pytest -q
35+
36+
- name: Compile Python files
37+
run: python -m compileall -q .

.github/workflows/welcome.yml

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -14,19 +14,19 @@ jobs:
1414
welcome:
1515
runs-on: ubuntu-latest
1616
steps:
17-
- uses: actions/first-interaction@v1
17+
- uses: actions/first-interaction@v3
1818
with:
19-
repo-token: ${{ secrets.GITHUB_TOKEN }}
20-
issue-message: |
21-
Welcome! 👋 Thanks for opening your first issue in this repository.
19+
repo_token: ${{ secrets.GITHUB_TOKEN }}
20+
issue_message: |
21+
Welcome! Thanks for opening your first issue in this repository.
2222
2323
We'll review it as soon as possible. In the meantime:
2424
- Check if there's a similar issue already open
2525
- Add as much detail as possible (steps to reproduce, expected behavior, environment)
2626
2727
If you'd like to contribute a fix, PRs are always welcome!
28-
pr-message: |
29-
Welcome! 👋 Thanks for your first pull request in this repository.
28+
pr_message: |
29+
Welcome! Thanks for your first pull request in this repository.
3030
3131
A maintainer will review it soon. Please make sure:
3232
- [ ] Your changes are tested

.gitignore

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ PLAN_*.txt
44

55
# Python
66
__pycache__/
7+
*.pyc
78
*.py[cod]
89
*$py.class
910
*.egg-info/
@@ -12,6 +13,7 @@ build/
1213
*.egg
1314

1415
# Runtime data
16+
*.db
1517
data/
1618
exports/
1719

CHANGELOG.md

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
# Changelog
2+
3+
## 2026-06-01
4+
5+
- Fixed repository metadata after the move to `dev-bricks/apiprober`.
6+
- Made the flat `ApiProber` package installable through `pyproject.toml`.
7+
- Added a GitHub Actions smoke-test workflow.
8+
- Changed the live network smoke test to opt-in so CI remains deterministic.
9+
- Added `llms.txt` for machine-readable repository context.
10+
- Updated community workflow action versions and input names.

README.md

Lines changed: 65 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -2,16 +2,30 @@
22
<img src="ApiProber_logo.jpg" alt="ApiProber" width="700">
33
</p>
44

5-
# ApiProber -- Systematic API Discovery Tool
5+
# ApiProber -- Passive API Discovery and Documentation Tool
66

7-
Probe undocumented or poorly documented APIs. Discover endpoints through
8-
trial-and-error, map API structures, store results in SQLite, and generate
9-
documentation.
7+
ApiProber is a zero-dependency Python CLI for passive API discovery. It helps
8+
developers and maintainers map undocumented REST services, compare live
9+
behavior with API documentation, persist observations in SQLite, and export
10+
Markdown or JSON documentation.
1011

1112
**Author:** Lukas Geiger | **License:** MIT | **Python:** 3.8+ (stdlib only)
1213

1314
---
1415

16+
## Best Fit
17+
18+
- Internal REST services where no OpenAPI file exists
19+
- Legacy APIs that need lightweight endpoint documentation
20+
- Documentation audits where live behavior should be compared with expected routes
21+
- Local-first reconnaissance before writing a proper client or SDK
22+
- Passive security review with explicit authorization
23+
24+
ApiProber is not an exploit framework, vulnerability scanner, load tester, or
25+
fuzzer. Use it only on APIs you own or are allowed to assess.
26+
27+
---
28+
1529
## Features
1630

1731
- **Multi-Strategy Discovery:** OpenAPI detection, wordlist probing, pattern expansion, HATEOAS link following
@@ -32,11 +46,11 @@ documentation.
3246
No installation required -- works with Python 3.8+ standard library only.
3347

3448
```bash
35-
git clone https://github.com/lukisch/apiprober.git
49+
git clone https://github.com/dev-bricks/apiprober.git
3650
cd apiprober
3751

38-
# Run directly
39-
python -m ApiProber --help
52+
# Run directly from the repository root
53+
python api_prober.py --help
4054

4155
# Or install as package
4256
pip install -e .
@@ -51,47 +65,47 @@ apiprober --help
5165

5266
```bash
5367
# Basic probe
54-
python -m ApiProber probe https://jsonplaceholder.typicode.com
68+
python api_prober.py probe https://jsonplaceholder.typicode.com
5569

5670
# Deep probe with custom delay
57-
python -m ApiProber probe https://api.example.com --depth 2 --delay-ms 1000
71+
python api_prober.py probe https://api.example.com --depth 2 --delay-ms 1000
5872

5973
# Authenticated probe
60-
python -m ApiProber probe https://api.example.com --auth-type bearer --auth-value "YOUR_TOKEN"
74+
python api_prober.py probe https://api.example.com --auth-type bearer --auth-value "YOUR_TOKEN"
6175
```
6276

6377
### Manage Services
6478

6579
```bash
6680
# List all probed services
67-
python -m ApiProber list
81+
python api_prober.py list
6882

6983
# Show details for a specific service
70-
python -m ApiProber status jsonplaceholder
84+
python api_prober.py status jsonplaceholder
7185

7286
# Resume interrupted probing
73-
python -m ApiProber resume jsonplaceholder
87+
python api_prober.py resume jsonplaceholder
7488
```
7589

7690
### Export Results
7791

7892
```bash
7993
# Export as Markdown documentation
80-
python -m ApiProber export jsonplaceholder --format md
94+
python api_prober.py export jsonplaceholder --format md
8195

8296
# Export as JSON (OpenAPI-like)
83-
python -m ApiProber export jsonplaceholder --format json
97+
python api_prober.py export jsonplaceholder --format json
8498
```
8599

86100
### Configuration
87101

88102
```bash
89103
# Show current config
90-
python -m ApiProber config --show
104+
python api_prober.py config --show
91105

92106
# Set values
93-
python -m ApiProber config --set delay_ms 1000
94-
python -m ApiProber config --set auth.type bearer
107+
python api_prober.py config --set delay_ms 1000
108+
python api_prober.py config --set auth.type bearer
95109
```
96110

97111
---
@@ -114,7 +128,7 @@ ApiProber is designed for responsible API exploration:
114128
- **Default: Read-only** -- Only GET, HEAD, OPTIONS (no POST/PUT/DELETE unless `--test-all-methods` flag)
115129
- **Built-in rate limiting** -- Configurable delay between requests
116130
- **robots.txt compliance** -- Automatically respects access restrictions
117-
- **Transparent User-Agent** -- `ApiProber/0.1 (github.com/lukisch; passive-discovery)`
131+
- **Transparent User-Agent** -- `ApiProber/0.1 (github.com/dev-bricks/apiprober; passive-discovery)`
118132
- **No fuzzing, no exploitation** -- Purely passive discovery
119133

120134
---
@@ -154,11 +168,19 @@ ApiProber/
154168

155169
## Use Cases
156170

157-
- **Reverse engineering** undocumented internal APIs
171+
- **Documenting** undocumented internal APIs
158172
- **Validating** API documentation against actual behavior
159-
- **Discovering** hidden endpoints in third-party services
173+
- **Finding** reachable endpoints in systems you are authorized to assess
160174
- **Generating** API documentation for legacy systems
161-
- **Security auditing** (passive reconnaissance only)
175+
- **Security auditing** through passive reconnaissance only
176+
177+
---
178+
179+
## Discoverability Keywords
180+
181+
`passive API discovery`, `REST API documentation generator`, `OpenAPI detection`,
182+
`HATEOAS link crawler`, `local-first API reconnaissance`, `zero-dependency Python
183+
CLI`, `SQLite API inventory`, `ethical API probing`
162184

163185
---
164186

@@ -168,17 +190,36 @@ MIT License. See [LICENSE](LICENSE).
168190

169191
---
170192

193+
## Development
194+
195+
Run the local smoke tests without live network probing:
196+
197+
```bash
198+
python -m pytest -q
199+
python -m compileall -q .
200+
```
201+
202+
The live `jsonplaceholder.typicode.com` probe is opt-in for manual checks:
203+
204+
```bash
205+
set APIPROBER_RUN_NETWORK_TESTS=1
206+
python -m pytest -q test_smoke.py
207+
```
208+
209+
---
210+
171211
## Author
172212

173213
Lukas Geiger -- [github.com/lukisch](https://github.com/lukisch)
174214

215+
Repository -- [dev-bricks/apiprober](https://github.com/dev-bricks/apiprober)
216+
175217
---
176218

177219
## Haftung / Liability
178220

179-
Dieses Projekt ist eine **unentgeltliche Open-Source-Schenkung** im Sinne der §§ 516 ff. BGB. Die Haftung des Urhebers ist gemäß **§ 521 BGB** auf **Vorsatz und grobe Fahrlässigkeit** beschränkt. Ergänzend gelten die Haftungsausschlüsse aus GPL-3.0 / MIT / Apache-2.0 §§ 15–16 (je nach gewählter Lizenz).
221+
Dieses Projekt ist eine **unentgeltliche Open-Source-Schenkung** im Sinne der §§ 516 ff. BGB. Die Haftung des Urhebers ist gemäß **§ 521 BGB** auf **Vorsatz und grobe Fahrlässigkeit** beschränkt. Ergänzend gelten die Haftungsausschlüsse aus der MIT-Lizenz.
180222

181223
Nutzung auf eigenes Risiko. Keine Wartungszusage, keine Verfügbarkeitsgarantie, keine Gewähr für Fehlerfreiheit oder Eignung für einen bestimmten Zweck.
182224

183225
This project is an unpaid open-source donation. Liability is limited to intent and gross negligence (§ 521 German Civil Code). Use at your own risk. No warranty, no maintenance guarantee, no fitness-for-purpose assumed.
184-

TODO.md

Lines changed: 64 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,64 @@
1+
# Pre-Release TODO: ApiProber
2+
3+
**Audit Date:** 2026-05-27
4+
**Auditor:** GPT / Codex automation
5+
**Target Repo:** `dev-bricks/apiprober`
6+
7+
---
8+
9+
## BLOCKER
10+
11+
- [x] **Secrets:** No secret patterns found in tracked text files.
12+
- [x] **Private Data:** No known private email patterns found outside allowed metadata.
13+
- [x] **Hardcoded Paths:** No personal Windows or Unix home paths found.
14+
- [x] **Database Files:** No `.db` files are tracked.
15+
- [x] **.env Files:** No `.env` files are tracked.
16+
- [x] **BACH Internals:** No BACH-internal documents are tracked.
17+
- [x] **.gitignore:** Minimum gate entries are present.
18+
- [x] **LICENSE:** MIT license file is present.
19+
- [x] **README.md:** English README is present; German liability section is intentional and uses real umlauts.
20+
21+
---
22+
23+
## HIGH PRIORITY
24+
25+
- [x] Add `CHANGELOG.md` before the next tagged release.
26+
- [ ] Decide whether generated local probe outputs should stay entirely in `data/` and `exports/` or move to a configurable runtime directory.
27+
28+
---
29+
30+
## MEDIUM PRIORITY
31+
32+
- [x] Add CI for the smoke test.
33+
- [ ] Expand tests around auth handling, robots.txt decisions and export output.
34+
- [ ] Review whether the package import path should be normalized before PyPI publication.
35+
36+
---
37+
38+
## LOW PRIORITY
39+
40+
- [ ] Add badges after CI exists.
41+
- [ ] Publish to PyPI after a final release review.
42+
43+
---
44+
45+
## STATUS
46+
47+
| Category | Status | Notes |
48+
|----------|--------|-------|
49+
| Secrets | PASS | Gate scan found no secret patterns. |
50+
| Private Data (PII) | PASS | Known private email patterns were not found. |
51+
| .gitignore | PASS | Minimum entries are present. |
52+
| Language (English) | PASS | README passes the gate; German liability section is intentional. |
53+
| BACH Internals | PASS | No BACH-internal files are tracked. |
54+
| Database Files | PASS | No `.db` files are tracked. |
55+
| README.md | PASS | Present and release-oriented. |
56+
| LICENSE | PASS | MIT license present. |
57+
| **Overall** | **READY** | Final Gate Check passes after this audit. |
58+
59+
**Audit Date:** 2026-05-27
60+
**Gate Check Exit Code:** `0`
61+
62+
---
63+
64+
*Template basis: MODULES/_templates/TODO_TEMPLATE.md*

config.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@
66
"connect_timeout_s": 10,
77
"read_timeout_s": 30,
88
"max_retries": 2,
9-
"user_agent": "ApiProber/0.1 (github.com/lukisch; passive-discovery)",
9+
"user_agent": "ApiProber/0.1 (github.com/dev-bricks/apiprober; passive-discovery)",
1010
"respect_robots_txt": true,
1111
"skip_destructive": true,
1212
"strategies": ["openapi", "wordlist", "pattern", "response_driven"],

core/config.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
"connect_timeout_s": 10,
1919
"read_timeout_s": 30,
2020
"max_retries": 2,
21-
"user_agent": "ApiProber/0.1 (github.com/lukisch; passive-discovery)",
21+
"user_agent": "ApiProber/0.1 (github.com/dev-bricks/apiprober; passive-discovery)",
2222
"respect_robots_txt": True,
2323
"skip_destructive": True,
2424
"strategies": ["openapi", "wordlist", "pattern", "response_driven"],

0 commit comments

Comments
 (0)