oppa requires Go 1.22+ to install successfully.
CGO_ENABLED=1 go install github.com/oneaudit/oppa/cmd/oppa@latestoppa -h
This will display help for the tool. Here are all the switches it supports.
Oppa is a toolkit to generate OpenAPI specifications from JSON lines.
Usage:
oppa [flags]
Flags:
TARGET:
-t, -target string target input file to parse
-im, -input-mode string mode of input file ([jsonl]) (default "jsonl")
CONFIGURATION:
-config string path to the oppa configuration file
OUTPUT:
-d, -output-dir string store openapi to custom directory
-silent display output only
-v, -verbose display verbose output
-debug display debug output
-version display project version
Oppa implements a strange and unconventional merge logic. Oppa lacks knowledge on the parameters in each request. To avoid losing information, Oppa creates one openapi entry for each unique URL.
https://example.com/?page=indexhttps://example.com/?page=home
This results in a strange OpenAPI file. This unconventional approach make it easier to test multiple query parameter combinations with nuclei without editing the tool.
/:
get:
parameters:
- in: query
name: page
schema:
default: index
type: string
responses:
default:
description: ""
//:
get:
parameters:
- in: query
name: page
schema:
default: home
type: string
responses:
default:
description: ""Oppa can work from Katana JSON Lines output file format. By default, generated files are stored in the oppa_openapi folder.
$ katana -u https://example.com -jsonl -o requests.txt
$ oppa -im jsonl -t requests.txt