
heel-gun

public
17 stars
0 forks
3 issues

Commits

List of commits on branch master.
Verified
434f68fcde524e8d14eda93641c3b337d5535bb6

Merge pull request #9 from Enet4/ci-gh-actions

Enet4 committed 3 years ago
Unverified
04ce4ce124b04b2a4236d312269c8d5525216923

Use GitHub Actions for CI

Enet4 committed 3 years ago
Unverified
d304d24f5e76015e452fb7ab8eb38519ab5ff6d7

Update itertools and env_logger

Enet4 committed 3 years ago
Unverified
422a218b25d7b90dac6411914b76a4ee3b6f272c

Update rand

Enet4 committed 3 years ago
Unverified
3c0492da4b123395c777a0bf9b428606b9f4c756

get_only flag to ignore modifying operations

Enet4 committed 5 years ago
Unverified
1e59cfabedd06f67b3221d06e79f0cd8442e8c38

Update dependencies

Enet4 committed 5 years ago

README

The README file for this repository.

Heel Gun


Test your HTTP server for robustness to arbitrary inputs. heel-gun is a tool which performs several HTTP requests to identify cases where the server misbehaves. Requests are built randomly based on a set of configurable rules.

Using

This CLI tool expects two main arguments: the base URL of the HTTP server, and a configuration file defining the HTTP endpoints to test and how their arguments are generated.

USAGE:
    heel-gun [OPTIONS] <url> <config> [outdir]

FLAGS:
    -h, --help       Prints help information
    -V, --version    Prints version information

OPTIONS:
    -N <n>        number of iterations to test for each target [default: 100]

ARGS:
    <url>       the base URL to test
    <config>    path to configuration file
    <outdir>    path to the output directory containing the logs [default: output]

Example:

heel-gun http://testmachine.myspot.net:8080 resources/example.yaml -N 4

This will test the server with a random assortment of requests, such as these:

GET http://testmachine.myspot.net:8080/cool-endpoint/lBtY2g18?id=0&more=891134
GET http://testmachine.myspot.net:8080/cool-endpoint/ie9EMV9G?id=-1&more=238164
GET http://testmachine.myspot.net:8080/cool-endpoint/dJ7iV7cs?id=null&more=415128
GET http://testmachine.myspot.net:8080/cool-endpoint/HCvpC90k?id=null&more=902781
POST http://testmachine.myspot.net:8080/user/UBwqFvFnXh?admin=undefined
POST http://testmachine.myspot.net:8080/user/LkspwEu0g4?admin=null
POST http://testmachine.myspot.net:8080/user/pkgagTBnem?admin
POST http://testmachine.myspot.net:8080/user/rRdlgzll2D?admin=false

And record problematic responses in a CSV file:

method,uri,reason,file
GET,http://testmachine.myspot.net:8080/cool-endpoint/lBtY2g18?id=0&more=891134,501 Not Implemented
GET,http://testmachine.myspot.net:8080/cool-endpoint/ie9EMV9G?id=-1&more=238164,501 Not Implemented
GET,http://testmachine.myspot.net:8080/cool-endpoint/dJ7iV7cs?id=null&more=415128,501 Not Implemented
GET,http://testmachine.myspot.net:8080/cool-endpoint/HCvpC90k?id=null&more=902781,501 Not Implemented
POST,http://testmachine.myspot.net:8080/user/UBwqFvFnXh?admin=undefined,501 Not Implemented
POST,http://testmachine.myspot.net:8080/user/LkspwEu0g4?admin=null,501 Not Implemented
POST,http://testmachine.myspot.net:8080/user/pkgagTBnem?admin,501 Not Implemented
POST,http://testmachine.myspot.net:8080/user/rRdlgzll2D?admin=false,501 Not Implemented

Moreover, the HTTP bodies of server error responses are saved as independent files in an output directory:

output/
├── GET
│   └── cool-endpoint
│       ├── lBtY2g18?id=0&more=891134
│       ├── ie9EMV9G?id=-1&more=238164
│       ├── dJ7iV7cs?id=null&more=415128
│       └── HCvpC90k?id=null&more=902781
└── POST
    └── user
        ├── UBwqFvFnXh?admin=undefined
        ├── LkspwEu0g4?admin=null
        ├── pkgagTBnem?admin
        └── rRdlgzll2D?admin=false

For the time being, problematic responses are either HTTP responses with a 5xx status code, or requests which result in a broken or timed out connection.
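Because every request carries a random path segment, the CSV report is easier to triage once rows are grouped by endpoint and failure reason. The following is an added example, not part of heel-gun: the `summarize` function and the sample rows are constructed for illustration, and it assumes unquoted fields with no embedded commas and treats the `file` column as optional, as in the rows shown above.

```rust
use std::collections::BTreeMap;

// Constructed sample in the shape of the report above: the header names four
// columns, the rows carry three. The 500 row is invented for illustration.
const SAMPLE: &str = "method,uri,reason,file
GET,http://testmachine.myspot.net:8080/cool-endpoint/lBtY2g18?id=0&more=891134,501 Not Implemented
GET,http://testmachine.myspot.net:8080/cool-endpoint/ie9EMV9G?id=-1&more=238164,501 Not Implemented
POST,http://testmachine.myspot.net:8080/user/pkgagTBnem?admin,501 Not Implemented
POST,http://testmachine.myspot.net:8080/user/rRdlgzll2D?admin=false,500 Internal Server Error
";

/// Key: (method, first path segment, reason). Value: query strings that hit it.
type Summary = BTreeMap<(String, String, String), Vec<String>>;

/// Groups report rows by method, endpoint and failure reason, dropping the
/// random path suffix so repeated failures of one endpoint collapse together.
/// Assumption: fields are unquoted and contain no commas.
fn summarize(report: &str) -> Summary {
    let mut out = Summary::new();
    for line in report.lines().skip(1).filter(|l| !l.trim().is_empty()) {
        let f: Vec<&str> = line.split(',').collect();
        if f.len() < 3 {
            continue; // malformed row: method, uri and reason are required
        }
        let (method, uri, reason) = (f[0], f[1], f[2]);
        // Strip scheme and authority, then separate the path from the query.
        let rest = uri.splitn(2, "://").last().unwrap_or(uri);
        let path_query = rest.splitn(2, '/').nth(1).unwrap_or("");
        let (path, query) = path_query.split_once('?').unwrap_or((path_query, ""));
        let endpoint = path.split('/').next().unwrap_or("");
        out.entry((method.into(), endpoint.into(), reason.into()))
            .or_default()
            .push(query.into());
    }
    out
}

fn main() {
    for ((method, endpoint, reason), queries) in summarize(SAMPLE) {
        println!("{method} /{endpoint}: {reason} x{} (e.g. ?{})", queries.len(), queries[0]);
    }
}
```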

<config> is a file describing a set of rules for producing URI paths and other parameters such as query string arguments. The schema is available as a TypeScript type definition file (heel-gun.d.ts). See also the resources directory for examples. Support for Play framework "routes" definitions is available as an experimental feature.

You can also set the RUST_LOG environment variable for additional logging output (as defined by the log crate: one of "error", "warn", "info", "debug" or "trace"):

RUST_LOG=info heel-gun http://testmachine.myspot.net:8080 resources/example.yaml

License and Warning Note

Licensed under either of

at your option.

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.

Although its main goal is testing for server robustness, this tool also lends itself to dangerous mistakes (such as running it against production), ill-intended actions (DoS attacks), and other sorts of misuse. Please be responsible when using heel-gun. As defined by the aforementioned license, the authors and contributors to heel-gun cannot be held liable for any damage which may occur from the use of this software.