Let's say I have an API api.example.com and I want to test all endpoints. I don't have access to documentation, how I can enumerate all the endpoints?
Asked
Active
Viewed 7,545 times
2
-
I'm not sure if this is on-topic here. Could you elaborate on why you think it is? – Tom K. Apr 26 '18 at 12:44
-
I am testing the security of an api, what I have learned that in most apis, some endpoints are not protected and you can have unauthorised access – john Apr 26 '18 at 15:01
-
I'm assuming you were assigned this, as a pen-test? Then we should assume that an attacker can find the API endpoints. You may have to teach the customer about the problems with security-by-obscurity. – S.L. Barth Apr 26 '18 at 15:10
1 Answers
2
From the outside, there's no generic method. A site can have as many (possibly obfuscated) endpoints as they wish.
You could, however, get lucky if there is an automatically generated site-map; it might just include a list of endpoints.
From the inside, it's possible. It can be labor-intensive, depending on how the site works. If you have access to the web server configuration, you can walk through it to find the endpoints.
For an Apache webserver, start with httpd.conf .
For IIS, you'll have to open the GUI and find the sites hosted by that IIS server, then find the endpoints on them.
S.L. Barth
- 5,486
- 8
- 38
- 47