"""AUTARCH API Fuzzer
Endpoint discovery, parameter fuzzing, auth testing, rate limit detection,
GraphQL introspection, and response analysis for REST/GraphQL APIs.
"""
# Module metadata constants.
# NOTE(review): presumably read by the host framework's module loader to list
# and group this module; the consumer is not visible in this file, so confirm.
DESCRIPTION = 'API endpoint fuzzing & vulnerability testing'
AUTHOR = 'darkHal'
VERSION = '1.0'
CATEGORY = 'offense'
import os
import re
import json
import time
import copy
import threading
from pathlib import Path
from urllib.parse import urljoin, urlparse, parse_qs
from typing import Dict, List, Optional, Any, Tuple
# Prefer the project's own path helper; fall back to a path derived from this
# file's location when the module runs outside the full project tree.
try:
    from core.paths import get_data_dir
except ImportError:
    def get_data_dir():
        """Return the fallback data directory as a string.

        The path is the ``data`` folder next to this module's parent
        directory, i.e. ``<dir of this file>/../data``. It is built from
        ``__file__`` only, so no caller-supplied input reaches it. The
        directory is not created or checked for existence here.
        """
        module_dir = Path(__file__).parent
        data_dir = module_dir.parent / 'data'
        return str(data_dir)
# Optional-dependency guard: try to import `requests` and record the outcome
# in HAS_REQUESTS. When the import fails, `RequestException` (and normally
# `requests` itself) is left unbound in this module, so any code that uses
# them has to check HAS_REQUESTS first to avoid a NameError at call time.
try:
    import requests
    from requests.exceptions import RequestException
except ImportError:
    HAS_REQUESTS = False
else:
    HAS_REQUESTS = True
# ── Fuzz Payloads ────────────────────────────────────────────────────────────
# SQL-injection probe strings, one per line in their original order (the
# order is kept because consumers may iterate the list positionally).
# An endpoint that binds its inputs as query parameters treats every entry
# as inert literal data; a changed result set, a SQL error or a timing
# difference in the response is the signal that input is being concatenated
# into a statement.
# NOTE(review): two entries carry stacked statement text rather than a pure
# condition ("'; DROP TABLE--" and "1; SELECT 1--"). The DROP probe names no
# table as written; confirm that is intentional and that this list is only
# pointed at disposable test data.
SQLI_PAYLOADS = [
    "' OR '1'='1",            # single-quoted tautology
    '" OR "1"="1',            # double-quoted tautology
    "'; DROP TABLE--",        # stacked statement + trailing comment
    "1; SELECT 1--",          # stacked statement, numeric context
    "' UNION SELECT NULL--",  # UNION-based column probe
    "1' AND '1'='1",          # always-true AND condition
    "admin'--",               # comment truncation after a quoted value
    "' OR 1=1#",              # tautology with '#' comment terminator
    "1 AND 1=1",              # unquoted numeric context
    "1' ORDER BY 1--",        # ORDER BY column-index probe
    "') OR ('1'='1",          # tautology that closes a parenthesis
]
XSS_PAYLOADS = [
"", "'\">
",
"javascript:alert(1)", "