Akto WebsiteStart freeBook a demoDiscordGitHub

Run tests in CLI using Akto

You can also run Akto testing module on your CLI.

When to use

  • You can use the CLI if you want to run Akto tests locally on any API Collection.

  • The results from the CLI are NOT saved in Akto dashboard.

  • It is best used when developers want to run tests locally before committing to their branch. Note that the application host is chosen as in the API Collection by default.

  • You choose to override the application host url to localhost or a different staging URL.

How to use

Prepare the following environment vars -

  1. AKTO_API_KEY - Go to My accounts > Settings > Integrations > Akto API > Generate token. Copy the token generated.

  2. AKTO_DASHBOARD_URL - URL of your dashboard. Please ensure you can access dashboard

  3. TEST_IDS - Space-separated list of test IDs which you want to run eg. JWT_NONE_ALGO REMOVE_TOKENS . You can also set it as ALL to run all tests.

  4. API_COLLECTION_NAME - API collection name on which you want to run tests eg. juice_shop_demo.

  5. API_COLLECTION_ID - API collection id (integer) you want to run tests eg. 29623412. Only one of API_COLLECTION_NAME and API_COLLECTION_ID is required.

  6. TEST_APIS - Space-separated list of APIs you want to test. If absent, all APIs are selected

  7. OVERRIDE_APP_URL - change the staging application host. Akto will test APIs on this host

  8. OUTPUT_LEVEL - Output level of the result file. We have 4 output levels:

    1. NONE - No output file is generated.

    2. SUMMARY - [Default] The output file contains the tests executed and a list of all vulnerable APIs.

    3. DETAILED - The output file contains the SUMMARY as well as description and impact of the executed tests.

    4. DEBUG - The output file contains DETAILED output along with the original and attempt request and response for all the API tests.

Example CLI - (If you are not on Linux, please provide absolute path to your current directory instead of ${PWD})

docker run -v ${PWD}:/out \
   -e AKTO_DASHBOARD_URL=https://flash.staging.akto.io \
   -e TEST_IDS=JWT_NONE_ALGO \
   -e API_COLLECTION_ID=1689063104 \
   -e AKTO_API_KEY=OAzudPuzo8kh1234jCHtL3Vf0lTFzvDYZQMaKh4w \
   -e OUTPUT_LEVEL=DETAILED \
   aktosecurity/akto-api-testing-cli:latest

Results

  1. A short summary (API, Vulnerability, Severity) is printed on command line itself

  2. A file output.txt contains details of the test, based on the output level given.

  3. If you see version mismatch error, consider matching release version of your dashboard vs testing-cli

Sample results -

Limitations

  1. Results are not saved in Akto dashboard.

  2. Tests which use context will be skipped eg. AddUserId.yml, OldApiVersion.yml etc.

PreviousConduct Role-Based TestingNextSecure GraphQL APIs using Akto

Last updated