
nikitastupin / clairvoyance

Licence: Apache-2.0 license
Obtain GraphQL API Schema even if the introspection is not enabled

Programming Languages

python
139335 projects - #7 most used programming language
javascript
184084 projects - #8 most used programming language
Dockerfile
14818 projects
shell
77523 projects

Projects that are alternatives of or similar to clairvoyance

filter-var-sqli
Bypassing FILTER_SANITIZE_EMAIL & FILTER_VALIDATE_EMAIL filters in filter_var for SQL Injection ( xD )
Stars: ✭ 29 (-93.53%)
Mutual labels:  penetration-testing, bug-bounty
Sublert
Sublert is a security and reconnaissance tool which leverages certificate transparency to automatically monitor new subdomains deployed by specific organizations and issued TLS/SSL certificate.
Stars: ✭ 699 (+56.03%)
Mutual labels:  penetration-testing, bug-bounty
Rengine
reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with…
Stars: ✭ 3,439 (+667.63%)
Mutual labels:  penetration-testing, bug-bounty
Nightingale
A Docker environment for pentesting that has all the tools required for VAPT.
Stars: ✭ 119 (-73.44%)
Mutual labels:  penetration-testing, bug-bounty
Awesome Bbht
A bash script that will automatically install a list of bug hunting tools that I find interesting for recon, exploitation, etc. (minus burp). For Ubuntu/Debian.
Stars: ✭ 190 (-57.59%)
Mutual labels:  penetration-testing, bug-bounty
aquatone
A Tool for Domain Flyovers
Stars: ✭ 43 (-90.4%)
Mutual labels:  penetration-testing, bug-bounty
Dirsearch
Web path scanner
Stars: ✭ 7,246 (+1517.41%)
Mutual labels:  penetration-testing, bug-bounty
reconmap
Vulnerability assessment and penetration testing automation and reporting platform for teams.
Stars: ✭ 242 (-45.98%)
Mutual labels:  penetration-testing, bug-bounty
Pidrila
Python Interactive Deepweb-oriented Rapid Intelligent Link Analyzer
Stars: ✭ 125 (-72.1%)
Mutual labels:  penetration-testing, bug-bounty
Awesome Hacking
A collection of various awesome lists for hackers, pentesters and security researchers
Stars: ✭ 48,038 (+10622.77%)
Mutual labels:  penetration-testing, bug-bounty
Swiftnessx
A cross-platform note-taking & target-tracking app for penetration testers.
Stars: ✭ 673 (+50.22%)
Mutual labels:  penetration-testing, bug-bounty
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (-34.37%)
Mutual labels:  penetration-testing, bug-bounty
Keye
Keye is a reconnaissance tool that was written in Python with SQLite3 integrated. After adding a single URL, or a list of URLs, it will make a request to these URLs and try to detect changes based on their response's body length.
Stars: ✭ 101 (-77.46%)
Mutual labels:  penetration-testing, bug-bounty
wifi-penetration-testing-cheat-sheet
Work in progress...
Stars: ✭ 149 (-66.74%)
Mutual labels:  penetration-testing, bug-bounty
tugarecon
Pentest: Subdomains enumeration tool for penetration testers.
Stars: ✭ 142 (-68.3%)
Mutual labels:  penetration-testing, bug-bounty
DNSExplorer
Bash script that automates the enumeration of domains and DNS servers in the active information gathering.
Stars: ✭ 33 (-92.63%)
Mutual labels:  penetration-testing
huntkit
Docker - Ubuntu with a bunch of PenTesting tools and wordlists
Stars: ✭ 51 (-88.62%)
Mutual labels:  penetration-testing
Pentest-Cheat-Sheet
Cheat-Sheet of tools for penetration testing
Stars: ✭ 44 (-90.18%)
Mutual labels:  penetration-testing
censys-recon-ng
recon-ng modules for Censys
Stars: ✭ 29 (-93.53%)
Mutual labels:  penetration-testing
graphw00f
graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
Stars: ✭ 260 (-41.96%)
Mutual labels:  penetration-testing

clairvoyance

Some GraphQL APIs have disabled introspection. For example, Apollo Server disables introspection automatically if the NODE_ENV environment variable is set to production.

Clairvoyance allows us to recover the GraphQL API schema when introspection is disabled. It produces the schema in JSON format suitable for other tools such as GraphQL Voyager, InQL or graphql-path-enum.

Acknowledgments

Thanks to Swan from Escape-Technologies for the 2.0 version.

Usage

From PyPI

pip install clairvoyance

From Python interpreter

git clone https://github.com/nikitastupin/clairvoyance.git
cd clairvoyance
pip install poetry
poetry config virtualenvs.in-project true
poetry install --no-dev
source .venv/bin/activate
python3 -m clairvoyance --help
python3 -m clairvoyance -o /path/to/schema.json https://swapi-graphql.netlify.app/.netlify/functions/index

From Docker Image

docker run --rm nikitastupin/clairvoyance --help
# Assuming the wordlist.txt file is found in $PWD
docker run --rm -v $(pwd):/tmp/ nikitastupin/clairvoyance -vv -o /tmp/schema.json -w /tmp/wordlist.txt https://swapi-graphql.netlify.app/.netlify/functions/index

For a detailed description, see the second half of the talk "GraphQL APIs from bug hunter's perspective" by Nikita Stupin.

Which wordlist should I use?

There are at least two approaches:

  • Use general English words (e.g. google-10000-english).
  • Create a target-specific wordlist by extracting all valid GraphQL names from the application's HTTP traffic, from mobile application static files, etc. The regex for a GraphQL name is [_A-Za-z][_0-9A-Za-z]*.
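The second approach can be automated with a short script. The following is an added example, not part of the clairvoyance project: it applies the GraphQL name regex from the list above to a few constructed inputs (a fragment of a JS bundle and a captured request body, both invented for this example), drops GraphQL keywords and introspection names that are pointless to probe, and orders the remaining tokens by how often they appear so the most likely field names come first in the wordlist passed to -w.

```python
import re
from collections import Counter

# GraphQL name grammar, exactly as quoted in the README.
GRAPHQL_NAME = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")

# Tokens that are GraphQL syntax or introspection, not schema names worth probing.
GRAPHQL_KEYWORDS = {
    "query", "mutation", "subscription", "fragment", "on",
    "true", "false", "null", "__typename", "__schema", "__type",
}

# Constructed sample sources standing in for a downloaded JS bundle and a
# captured request body; no real application is referenced.
SAMPLE_SOURCES = {
    "app.bundle.js": '''
        const GET_PERSON = `query GetPerson($id: ID!) { person(id: $id) { name birthYear homeworld { name } } }`;
        fetch("/graphql", {method: "POST", body: JSON.stringify({query: GET_PERSON, variables: {id}})});
    ''',
    "request.json": '{"query": "mutation { updatePerson(input: {id: \\"1\\", name: \\"Luke\\"}) { person { name } } }"}',
}


def extract_names(text: str) -> Counter:
    """Count every token in text that matches the GraphQL name grammar."""
    return Counter(GRAPHQL_NAME.findall(text))


def build_wordlist(sources: dict[str, str], min_length: int = 2) -> list[str]:
    """Merge names from all sources, drop keywords and very short tokens,
    and order by descending frequency, then alphabetically for ties."""
    counts: Counter = Counter()
    for body in sources.values():
        counts.update(extract_names(body))
    candidates = {
        name: n for name, n in counts.items()
        if name not in GRAPHQL_KEYWORDS and len(name) >= min_length
    }
    return sorted(candidates, key=lambda name: (-candidates[name], name))


if __name__ == "__main__":
    # Write one name per line, the format clairvoyance expects for -w.
    with open("wordlist.txt", "w", encoding="utf-8") as fh:
        fh.write("\n".join(build_wordlist(SAMPLE_SOURCES)) + "\n")
```

Noise from the host language (const, fetch, JSON and similar) is deliberately left in: an extra word only costs one probe request, whereas an over-aggressive filter can drop the one field name you needed. Replace SAMPLE_SOURCES with the real files or proxy export for the application you are testing.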

Environment Variables

LOG_FMT=`%(asctime)s \t%(levelname)s\t| %(message)s` # A string format for logging.
LOG_DATEFMT=`%Y-%m-%d %H:%M:%S` # A string format for logging date.
LOG_LEVEL=`INFO` # A string level for logging.

Support

If you have a question or run into an issue with clairvoyance, please refer to the wiki or the existing issues first. If that doesn't solve your problem, feel free to open a new issue.

Contributing

Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change. For more information about tests, the internal project structure and so on, refer to the Development wiki page.
