Scanning gRPC API Web Services with Invicti Standard
gRPC (Remote Procedure Call) is a modern, high-performance framework that enables efficient communication between services in distributed systems. Unlike traditional RESTful APIs, which typically use JSON over HTTP, gRPC uses protocol buffers as its Interface Definition Language (IDL) and HTTP/2 for transport. This combination offers benefits such as improved performance, built-in support for streaming, and strong typing.
This document describes how to prepare a new scan and upload a .proto file in order to scan gRPC API Web services with Invicti Standard.
PREREQUISITES:
For instructions on how to set the parameters in points 1 and 2, refer to Configuring Invicti Standard Settings - Advanced Options. |
How to scan gRPC API Web Services
- From the Home menu, click New.
- Select the Target Website or Web Service URL.
- Click Links/API Definitions in the Scan Settings menu.
- Select gRPC Proto in the Links/API Definitions > From File section.
- In the gRPC Proto Import window, enter the gRPC endpoint URL in the Definition File URL field and click OK.
NOTE: If your .proto file depends on other .proto files, it is crucial that the dependent .proto files are located in the same directory.
Dependent files must be present in the related directory, otherwise Invicti Standard cannot import them. |
- In the Import Links window that opens up, locate and select the .proto file, and click Open.
- The Imported Links section is updated with the .proto file you uploaded.
- If the Target Website or Web Service URL is different from the gRPC endpoint URL from step 5, you need to add this URL in Scan Settings > Additional Websites. If you don't specify the gRPC endpoint URL as an additional website, Invicti Standard will not target this service.
- Click Start Scan at the bottom of the page to start scanning with the gRPC Service.