OpenAPI 2.0 (Swagger) fuzzer written in python. Basically TnT for your API.
Clone or download

Build Status Known Vulnerabilities

OpenAPI (swagger) fuzzer written in python. This fuzzer is like dynamite for your API!

TnT-Fuzzer is designed to make fuzzing, robustness testing and validation of REST APIs easy and maintainable. After a fuzzing run, the log files state the exact history of requests to reenact a crash or misuse. TnT-Fuzzer can be used for penetration testing or continued testing of a service in development.

A project of


TnT-Fuzzer shifted support away from python 2 to python 3.7. If you need a python 2 compatible source, lookup TnT-Fuzzer Version 1.0.0 and below.

With pip

Just install tntfuzzer with pip and its ready for usage:

pip install tntfuzzer

From source

Checkout git repository. Navigate into fresh cloned repository and install all dependencies needed. All dependencies are listed in requirements.txt and can be installed via pip:

pip install -r requirements.txt

However, at the moment of writing this guide the PyJFuzz dependency available via pypi is outdated only compatible with python 2 only. So, when problems installing the PyJFuzz dependency occur, install the newest version of it manually and then install the other dependencies:

git clone && cd PyJFuzz && python install
cd ..
pip install -r requirements.txt

Then all dependencies should be met and run tntfuzzer with:

python tntfuzzer/

For Development

There are dependencies only needed for developing the fuzzer. These are listed in the requirements-dev.txt and can be installed via pip:

pip install -r requirements-dev.txt


For testing or development, have a look at the swagger petstore example. A local stub server can easily be generated and run locally.

Run software tests using the following command:

$ cd tntfuzzer
$ nosetests  tests/core/*.py tests/utils/*.py tests/*.py
Ran 41 tests in 0.028s




To get a better hang what can be done with tntfuzzer, print the usage infos:

tntfuzzer -h

The most important parameter is the --url, with the URL to your OpenAPI specification json file.

The parameter --iterations will specifiy how often an API call will be fuzzed. If the --iterations parameter is not specified, every API call is fuzzed only once.

Per default only responses that are not documented in your Service's OpenAPI specification are logged. This way only undocumented errors are logged. If you want all fuzz responses to be logged, you have to specify that by setting the --log_all parameter.

So following example run will fuzz every API call specified in the swagger.json with 100 permutations each. All responses received from the server are logged:

tntfuzzer --url --iterations 100 --log_all


When run, TnT-Fuzzer logs all responses in a table on commandline:

operation url response code response message response body curl command
get http://localhost:8080/v2/apicall 200 Successful Operation {'success': true} curl -XGET -H "Content-type: application/json" -d '{'foo': bar}' 'http://localhost:8080/v2/apicall'