This tool checks whether a given URL, or each URL listed in a file, serves Swagger UI, so that it can be tested later for DOM XSS.
Swagger UI is a very common library for displaying API specifications in a nice-looking UI, used by almost every company.
- git clone https://github.com/doosec101/swagger_scanner
- cd swagger_scanner
- pip3 install -r requirements.txt
- python3 swagger.py -u https://example.com
Some usages:
- python3 swagger.py -u https://example.com -v -o output.txt
- python3 swagger.py -f file_of_urls.txt
- python3 swagger.py -f file_of_urls.txt -v -o output.txt
Dorks:
- Shodan: http.title:"Swagger Ui"
- Google: intext:"Swagger UI" intitle:"Swagger UI" site:yourtarget.com
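
The sketch below shows how a response body can be fingerprinted for Swagger UI when auditing your own hosts for forgotten documentation endpoints. It is an added example, not code from swagger_scanner; the marker set, the function names `fingerprint` and `audit`, and the sample HTML are assumptions constructed for illustration.

```python
import re

# Assumed marker set for a stock Swagger UI 3.x+ page (not taken from swagger.py).
# Legacy 2.x layouts use different asset names and are not covered here.
MARKERS = {
    "bundle_script": re.compile(r"swagger-ui-bundle(\.min)?\.js", re.I),
    "standalone_preset": re.compile(r"swagger-ui-standalone-preset(\.min)?\.js", re.I),
    "stylesheet": re.compile(r"swagger-ui(\.min)?\.css", re.I),
    "mount_point": re.compile(r"""id=["']swagger-ui["']""", re.I),
    "init_call": re.compile(r"\bSwaggerUIBundle\s*\("),
    "title": re.compile(r"<title>\s*Swagger UI\s*</title>", re.I),
}

def fingerprint(html):
    """Return the matched markers and a verdict for one response body."""
    hits = sorted(name for name, rx in MARKERS.items() if rx.search(html))
    # The title alone is weak evidence (articles about Swagger UI carry it too),
    # so a firm verdict needs two asset or initialisation markers.
    strong = [h for h in hits if h != "title"]
    if len(strong) >= 2:
        verdict = "swagger-ui"
    elif hits:
        verdict = "possible"
    else:
        verdict = "absent"
    return {"verdict": verdict, "markers": hits}

def audit(pages):
    """Map each URL in {url: body} to its verdict, skipping clean pages."""
    results = {url: fingerprint(body) for url, body in pages.items()}
    return {url: r for url, r in results.items() if r["verdict"] != "absent"}

# Constructed sample bodies (not captured from any real host).
SAMPLE_PAGES = {
    "https://api.example.com/docs/": """<!DOCTYPE html><html><head>
<title>Swagger UI</title><link rel="stylesheet" href="./swagger-ui.css"></head>
<body><div id="swagger-ui"></div><script src="./swagger-ui-bundle.js"></script>
<script>window.ui = SwaggerUIBundle({url: "/openapi.json", dom_id: "#swagger-ui"});</script>
</body></html>""",
    "https://blog.example.com/post": "<html><head><title>Swagger UI</title></head>"
                                     "<body><p>How we document our API.</p></body></html>",
    "https://www.example.com/": "<html><body><h1>It works</h1></body></html>",
}

if __name__ == "__main__":
    for url, result in audit(SAMPLE_PAGES).items():
        print(url, result["verdict"], ",".join(result["markers"]))
```

Pages reported as `possible` need a manual look before they are treated as Swagger UI instances.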