Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
APACHE-2.0 License
This minor release brings these notable enhancements and additions to our open-source tool, enhancing its functionality and usability. Download the update now to enjoy these improvements!
Published by GuyL99 over 1 year ago
Full Changelog: https://github.com/blst-security/cherrybomb/compare/v0.7.0...v1.0.0
Published by GuyL99 about 2 years ago
We are excited to announce the release of Cherrybomb’s new version!
The main feature of the v0.7.0 release is the new Active module.
We’ve also fixed various bugs and made some security updates.
The Active module takes our API testing to a new level. It provides not only static testing and auditing of your OAS file (with the passive module), but also a test of the API itself that sends requests and analyzes the responses.
We've implemented improvements to the CLI to better support CI pipelines.
Published by GuyL99 over 2 years ago
Published by GuyL99 over 2 years ago
Full Changelog: https://github.com/blst-security/cherrybomb/compare/v0.5.2...v0.6.0
Published by GuyL99 over 2 years ago
Published by GuyL99 over 2 years ago
We have released the long-awaited check regarding auth scopes in different methods.
Thanks to @H31S3nb3rg-0x00 for contributing the check!
Following some feedback, we added a new command that you can use to call the OpenAPI specification validation:
cherrybomb oas
It functions exactly like the swagger command.
Published by GuyL99 over 2 years ago
You can run the swagger scan command with the --param-table flag and get a table with all of the API's parameters.
Published by GuyL99 over 2 years ago
Added support for OAS 3.1
Published by GuyL99 over 2 years ago
Fixed a bug that fixated the CLI on the home dir
Published by GuyL99 over 2 years ago
First release, no need to register