Pynt Command
Master Pynt's commands with our onboarding guide! Explore the 'pynt' command in our documentation to efficiently navigate and utilize Pynt's powerful features.
Pynt command is an experimental feature of Pynt CLI (from CLI version 0.1.31) that runs API security tests on your functional test script.
If you run your API functional tests from a command line, you can run API security tests on them by wrapping that command line with the pynt command:
pynt command --cmd <your command line>
See the examples of running Pynt on goat in different programming languages:
Python
Java (Rest Assured)
For example, goat_functional_test.py is a Python-based tester for goat (our vulnerable application) that we use to test the functionality of goat. We run it with:
pytest goat_functional_test.py
Now, to run Pynt on it, we run:
pynt command --cmd "pytest goat_functional_test.py"
If your functional test enforces SSL certificate verification (e.g. https), you will need to provide Pynt with a certificate. If your client needs a specific certificate, provide the path to it with --ca-path:
pynt command --cmd "<your test command>" --ca-path <path to certificate file>
If your client does not use a specific certificate, you will need to generate a certificate file and provide it to Pynt:
3) Make the script executable:
chmod +x make_certificate.sh
4) Generate the certificate:
./make_certificate.sh
Use export REQUESTS_CA_BUNDLE before your command to instruct your functional test to use the new certificate, and provide the path to the certificate with --ca-path to instruct Pynt to use the generated certificate:
pynt command --cmd "export REQUESTS_CA_BUNDLE=rootCA.crt && python3 <your command here>" --ca-path rootCA.pem
For example, goat-rest-assured is a Rest Assured-based functional test project for the goat vulnerable application. We run it with:
mvn test
Now, to run Pynt on it, we run:
pynt command --cmd "mvn -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=6666 test"
If your functional test enforces SSL certificate verification (e.g. https), you will need to provide Pynt with a certificate. If your client needs a specific certificate, provide the path to it with --ca-path:
pynt command --cmd "<your test command> -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=6666 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=6666" --ca-path <path to certificate file>
If your client does not use a specific certificate, you will need to generate a certificate file and provide it to Pynt:
3) Make the script executable:
chmod +x make_certificate.sh
4) Generate the certificate:
./make_certificate.sh
5) Create a trust store. You will be prompted to enter a password for the key store (from now on we will assume the trust store is called test.jks and the password is test123456):
keytool -importcert -file ./rootCA.crt -keystore test.jks
pynt command --cmd "mvn test -Dhttp.proxyHost=127.0.0.1 -Dhttp.proxyPort=6666 -Dhttps.proxyHost=127.0.0.1 -Dhttps.proxyPort=6666 -Djavax.net.ssl.trustStore=./test.jks -Djavax.net.ssl.trustStorePassword=test123456" --ca-path rootCA.pem
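A preflight check for the certificate pair used in the Python and Java procedures above (rootCA.crt trusted by the test client, rootCA.pem passed with --ca-path), added here as an example and not part of Pynt or its documentation. It assumes both files are PEM and that rootCA.pem carries the same root certificate the client trusts; preflight, cert_fingerprint and the sample files written by demo are illustrative names and constructed data.

```python
import base64, hashlib, os, re, stat, tempfile
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def cert_fingerprint(text):
    """SHA-256 over the DER bytes of the first PEM certificate block, or None."""
    m = CERT_RE.search(text)
    try:
        der = base64.b64decode("".join(m.group(1).split()), validate=True) if m else None
    except ValueError:  # malformed base64 inside the PEM armour
        der = None
    return hashlib.sha256(der).hexdigest() if der else None

def preflight(client_ca, pynt_ca):
    """Compare the client CA with the --ca-path file; check key-file permissions (POSIX)."""
    problems, fps = [], []
    for path in (client_ca, pynt_ca):
        if not os.path.isfile(path):
            problems.append(f"{path}: file not found")
            continue
        with open(path, encoding="ascii", errors="replace") as fh:
            text = fh.read()
        fps.append(cert_fingerprint(text))
        if fps[-1] is None:
            problems.append(f"{path}: no parsable PEM certificate block")
        if "PRIVATE KEY-----" in text and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"{path}: holds a private key but is readable by group/others")
    if len(fps) == 2 and all(fps) and fps[0] != fps[1]:
        problems.append("certificates differ: the test client would reject Pynt's CA")
    return problems

def _write(path, *blocks):
    """Write constructed PEM blocks (placeholder bytes, not real X.509) with mode 0600."""
    with open(path, "w") as fh:
        for label, payload in blocks:
            fh.write(f"-----BEGIN {label}-----\n{base64.b64encode(payload).decode()}\n-----END {label}-----\n")
    os.chmod(path, 0o600)

def demo():  # matching pair, stale client CA, then a key-bearing file with loose permissions
    d = tempfile.mkdtemp()
    crt, pem, stale = (os.path.join(d, n) for n in ("rootCA.crt", "rootCA.pem", "stale.crt"))
    _write(crt, ("CERTIFICATE", b"constructed-ca-1"))
    _write(pem, ("PRIVATE KEY", b"constructed-key"), ("CERTIFICATE", b"constructed-ca-1"))
    _write(stale, ("CERTIFICATE", b"constructed-ca-0"))
    good, mismatch = preflight(crt, pem), preflight(stale, pem)
    os.chmod(pem, 0o644)  # loosen the key-bearing file
    return good, mismatch, preflight(crt, pem)

if __name__ == "__main__":
    print(demo())
```

Run preflight("rootCA.crt", "rootCA.pem") in the directory where make_certificate.sh wrote its output; an empty list means the two files agree.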
*Pynt command is currently in beta phase