Exclude certain endpoints in my API from being tested

Hi there, thanks for answering all my previous questions. One more question for you. If I need to exclude certain endpoints in my API from being tested, how do I do that?

Hi Daniel, you have the power to control endpoint coverage for Mayhem for API in a couple of different ways. The first, as you request, is to exclude endpoints:

Ignore Endpoints (Blocklist)

mapi run \
MyTarget 60 \
'https://mytarget.com/path/to/openapi.json' \
--url 'https://mytarget.com/api/v3/' \
--ignore-endpoint <pattern>

Ignore Endpoints by API Spec Tags

mapi run \
MyTarget 60 \
'https://mytarget.com/path/to/openapi.json' \
--url 'https://mytarget.com/api/v3/' \
--ignore-endpoint-by-tag <tag>

You can also “include” endpoints, meaning that you will fuzz only the endpoints specified and nothing else (meaning that your fuzzing is going to be very targeted), by doing the following:

Include Endpoints (Allowlist)

mapi run \
MyTarget 60 \
'https://mytarget.com/path/to/openapi.json' \
--url 'https://mytarget.com/api/v3/' \
--include-endpoint <pattern>

Include Endpoints by API Spec Tags

mapi run \
MyTarget 60 \
'https://mytarget.com/path/to/openapi.json' \
--url 'https://mytarget.com/api/v3/' \
--include-endpoint-by-tag <tag>
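A way to preview which operations in a spec carry a given tag before passing that tag to `--ignore-endpoint-by-tag` or `--include-endpoint-by-tag`, added here as an example that is not part of the original thread or Mayhem's own code. It assumes the tag is compared against each operation's `tags` list in the OpenAPI document; the sample spec and the function names are constructed for illustration.

```python
import json

# HTTP methods that OpenAPI allows as operation keys under a path item.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample spec, not taken from the thread.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.0",
  "paths": {
    "/users": {
      "get":  {"tags": ["users"]},
      "post": {"tags": ["users", "admin"]}
    },
    "/users/{id}": {
      "parameters": [{"name": "id", "in": "path"}],
      "delete": {"tags": ["admin"]}
    },
    "/health": {
      "get": {}
    }
  }
}
""")

def operations(spec):
    """Yield (METHOD, path, tags) for every operation in the spec."""
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            # Skip non-operation keys such as "parameters" or "summary".
            if method.lower() in HTTP_METHODS and isinstance(op, dict):
                yield method.upper(), path, set(op.get("tags", []))

def split_by_tag(spec, tag):
    """Return (tagged, untagged) lists of 'METHOD /path' for one tag."""
    tagged, untagged = [], []
    for method, path, tags in operations(spec):
        (tagged if tag in tags else untagged).append(f"{method} {path}")
    return sorted(tagged), sorted(untagged)

if __name__ == "__main__":
    tagged, untagged = split_by_tag(SAMPLE_SPEC, "admin")
    print("carry tag 'admin':  ", tagged)
    print("do not carry the tag:", untagged)
```

Operations with no tags at all, such as `GET /health` in the sample, land in the second list, so a tag-based allowlist would leave them untested.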