A stateful REST API fuzzing tool that automatically tests cloud services to find security and reliability bugs.
RESTler is a stateful REST API fuzzing tool that automatically tests cloud services by analyzing OpenAPI specifications and generating request sequences that respect the dependencies between API operations. It finds security and reliability bugs by inferring those dependencies from the specification and learning from service responses during testing.
Security researchers, DevOps engineers, and API developers who need to automatically test and secure REST APIs, especially in cloud service environments.
Developers choose RESTler because it's the first stateful fuzzing tool that intelligently infers API dependencies, explores deep service states, and finds bugs missed by traditional testing methods, all backed by Microsoft Research.
RESTler is the first stateful REST API fuzzing tool for automatically testing cloud services through their REST APIs and finding security and reliability bugs in these services.
Analyzes OpenAPI specs to infer producer-consumer relationships, enabling tests that understand and exploit API state sequences for deeper bug hunting.
Dynamically adapts test generation based on prior service responses, allowing exploration of complex request sequences that traditional tools miss.
Offers compile, test, fuzz-lean, and deep fuzzing modes, providing flexibility from smoke tests to aggressive bug hunting with different trade-offs.
Includes specific checkers for issues like resource leaks and hierarchy violations, going beyond generic error detection to find logic bugs.
Limited to APIs with OpenAPI specifications, so services that lack such documentation and cannot generate it cannot be tested, which restricts its applicability.
Requires Python 3.12.8 and .NET 8.0, and the build can fail with NuGet errors, making deployment non-trivial and error-prone.
Deep fuzzing modes can create resource leaks or backend corruptions in poorly implemented services, posing risks without proper isolation or staging.