CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
APACHE-2.0 License
Release Notes:
--targetFields are not supplied, compute all fields combinations from --data for cats fuzz
--urlParams are not supplied for http methods with body, generate random values
--simpleReplace and --printProgress for cats fuzz sub-command
efData from all not adding keys that were not on the path entry
cats fuzz FUZZ keyword
Release notes:
cats list ...
Release Notes:
cats random ... that lets you run fuzzing continuously until certain stop conditions are met
Release notes:
--matchInput argument to check if input is reflected in response
Release Notes:
--maskHeaders argument to mask sensitive headers in report files
--ignoreResponseContentTypeCheck to ignore this check
VersionsLinterFuzzer will now check for versions in paths, servers definition and content type headers
NamingsLinterFuzzer is now split into more granular linters
501 is now on the response code ignore list when running in --blackbox mode
cats stats sub-command to display some statistics about OpenAPI contracts
cats list sub-command
Published by en-milie 11 months ago
Release notes:
application/merge-patch+json for PATCH operations
checkFalse and checkTrue to be used instead of checkBoolean in verify section
cats info sub-command to display details about OS and CATS version
--verbosity summary
--verbosity summary if CATS cannot run at all
Published by en-milie 12 months ago
Release notes:
Changed behaviour:
Of in the Fuzzers naming
--verbosity argument to allow a more compact output in console which defaults to summary and reduced CATS logging to less verbose output
Release notes:
--no-color
null and empty bodies
Content-Length and Transfer-Encoding headers
User-Agent header
cats replay command
cats list --paths subcommand
--ignoreXXX arguments
Release notes:
empty_body when checking naming conventions
lint command
Release notes:
cats replay if --output argument is supplied. #71
--server when running cats replay
.js to .json
StringSchema. This includes email, password, etc.
null