API-Security-Scanner/config.yaml at master · elliotsecops/API-Security-Scanner · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
# API Security Scanner - Phase 4 Enterprise Configuration
# This configuration file demonstrates all Phase 4 enterprise features

scanner:
  # API endpoints to test
  api_endpoints:
    - url: "https://api.example.com/users"
      method: "GET"
    - url: "https://api.example.com/users"
      method: "POST"
      body: '{"name":"test","email":"test@example.com"}'
    - url: "https://api.example.com/users/{id}"
      method: "GET"
    - url: "https://api.example.com/products"
      method: "GET"

  # Injection test payloads
  injection_payloads:
    - "' OR '1'='1"
    - "' OR 1=1--"
    - "' UNION SELECT NULL--"
    - "1; DROP TABLE users--"
    - "' AND (SELECT COUNT(*) FROM information_schema.tables)>0--"
    - "admin'--"
    - "' OR SLEEP(10)--"
    - "'; WAITFOR DELAY '0:0:10'--"

  # XSS test payloads
  xss_payloads:
    - "<script>alert('XSS')</script>"
    - "'>alert('XSS')<"
    - "<img src=x onerror=alert('XSS')>"
    - "javascript:alert('XSS')"
    - "<svg onload=alert('XSS')>"
    - "'\"><script>alert(String.fromCharCode(88,83,83))</script>"

  # NoSQL injection payloads
  nosql_payloads:
    - "{$ne: null}"
    - "{$gt: ''}"
    - "{$or: [1,1]}"
    - "{$where: 'sleep(100)'}"
    - "{$regex: '.*'}"
    - "{$exists: true}"
    - "{$in: [1,2,3]}"

  # Authentication configuration
  auth:
    enabled: false
    username: ""
    password: ""

  # Rate limiting configuration
  rate_limit:
    enabled: true
    requests_per_second: 10
    burst_size: 5

  # OpenAPI specification integration
  openapi_spec: ""

  # API discovery configuration
  api_discovery:
    enabled: true
    max_depth: 3
    follow_links: true
    discover_params: true
    user_agent: "API-Security-Scanner-Discovery/1.0"
    exclude_patterns:
      - "/static/"
      - "/assets/"
      - "/images/"
      - ".css"
      - ".js"
      - ".png"
      - ".jpg"

  # Historical data configuration
  historical_data:
    enabled: true
    storage_path: "./history"
    retention_days: 30
    compare_previous: true
    trend_analysis: true

# Tenant configuration for multi-tenant support
tenant:
  id: "default"
  name: "Default Organization"
  description: "Default tenant for single-tenant use"
  is_active: true

  settings:
    # Data isolation configuration
    data_isolation:
      enabled: false
      storage_path: "./history"
      encryption_enabled: false
      retention_days: 30

    # Resource limits
    resource_limits:
      max_concurrent_scans: 10
      max_endpoints_per_scan: 1000
      max_storage_mb: 10240
      scan_quota_monthly: 1000
      rate_limit:
        requests_per_second: 100
        burst_size: 50

    # Notification settings
    notifications:
      email:
        enabled: false
        smtp_host: ""
        smtp_port: 587
        username: ""
        password: ""
        from_email: ""
        recipients: []
      webhook:
        enabled: false
        url: ""
        method: "POST"
        headers: {}
        secret: ""
      slack:
        enabled: false
        webhook_url: ""
        channel: "#security"
        username: "api-scanner"

    # Custom branding
    custom_branding:
      enabled: false
      logo_url: ""
      primary_color: "#667eea"
      secondary_color: "#764ba2"
      company_name: "My Company"
      custom_footer: ""

    # SIEM integration settings
    siem_integration:
      enabled: false
      type: "syslog"  # syslog, splunk, elk, qradar, arcsight
      config: {}
      format: "json"  # json, cef, leef, syslog
      endpoint_url: ""
      auth_token: ""

# Metrics and monitoring dashboard configuration
metrics:
  enabled: true
  port: 8090
  update_interval: 30s
  retention_days: 30

  # Dashboard charts configuration
  charts:
    - title: "Vulnerability Overview"
      type: "pie"
      metrics: ["critical", "high", "medium", "low"]
      time_range: "24h"
      refresh: 30
    - title: "Performance Metrics"
      type: "line"
      metrics: ["response_time", "throughput"]
      time_range: "24h"
      refresh: 30
    - title: "Security Score Trend"
      type: "line"
      metrics: ["security_score"]
      time_range: "7d"
      refresh: 60
    - title: "Resource Usage"
      type: "gauge"
      metrics: ["cpu_usage", "memory_usage"]
      time_range: "1h"
      refresh: 15

  # Alert configuration
  alerts:
    - name: "High Vulnerability Count"
      metric: "vulnerability_count"
      condition: ">"
      threshold: 10
      duration: "5m"
      notifications: ["email", "slack"]
    - name: "High CPU Usage"
      metric: "cpu_usage"
      condition: ">"
      threshold: 80
      duration: "10m"
      notifications: ["email"]
    - name: "High Memory Usage"
      metric: "memory_usage"
      condition: ">"
      threshold: 2000  # 2GB
      duration: "10m"
      notifications: ["email"]

# SIEM integration configuration
siem:
  enabled: false
  type: "syslog"  # syslog, splunk, elk, qradar, arcsight
  config:
    host: "localhost"
    port: 514
    facility: "local0"
    severity: "info"
  format: "json"  # json, cef, leef, syslog
  endpoint_url: ""
  auth_token: ""

# Authentication configuration
auth:
  enabled: false
  type: "basic"  # basic, bearer, api_key, oauth2, jwt, mutual_tls
  config:
    # Basic auth
    username: ""
    password: ""

    # Bearer token
    token: ""
    expires_in: 3600

    # API key
    key: "X-API-Key"
    value: ""
    location: "header"  # header, query, cookie
    prefix: ""

    # OAuth2
    grant_type: "client_credentials"  # client_credentials, authorization_code, password
    client_id: ""
    client_secret: ""
    token_url: ""
    auth_url: ""
    redirect_url: ""
    scopes: ""

    # JWT
    algorithm: "HS256"  # HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512
    secret: ""
    private_key: ""
    public_key: ""
    key_file: ""
    claims: ""

    # Mutual TLS
    cert_file: ""
    ca_file: ""

# Server configuration
server:
  port: 8081
  host: "localhost"

# Request headers
headers:
  "User-Agent": "API-Security-Scanner/4.0"
  "X-Scanner": "true"