{"id":13700864,"url":"https://github.com/Escape-Technologies/goctopus","last_synced_at":"2025-05-04T19:33:28.691Z","repository":{"id":138531050,"uuid":"607326640","full_name":"Escape-Technologies/goctopus","owner":"Escape-Technologies","description":"Blazing fast GraphQL discovery \u0026 fingerprinting toolbox.","archived":false,"fork":false,"pushed_at":"2023-11-21T10:14:19.000Z","size":5610,"stargazers_count":101,"open_issues_count":3,"forks_count":9,"subscribers_count":3,"default_branch":"main","last_synced_at":"2024-11-11T09:45:35.107Z","etag":null,"topics":["discovery","fingerprinting","graphql","graphql-tools","pentesting"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"agpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Escape-Technologies.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-27T19:09:47.000Z","updated_at":"2024-10-30T03:45:51.000Z","dependencies_parsed_at":"2023-11-21T11:42:33.716Z","dependency_job_id":null,"html_url":"https://github.com/Escape-Technologies/goctopus","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technologies%2Fgoctopus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technologies%2Fgoctopus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technologies%2Fgoctopus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technolog
ies%2Fgoctopus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Escape-Technologies","download_url":"https://codeload.github.com/Escape-Technologies/goctopus/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":224406065,"owners_count":17305718,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["discovery","fingerprinting","graphql","graphql-tools","pentesting"],"created_at":"2024-08-02T20:01:03.868Z","updated_at":"2024-11-13T06:31:30.421Z","avatar_url":"https://github.com/Escape-Technologies.png","language":"Go","funding_links":[],"categories":["Implementations","Tools","graphql","Offensive Security","Go"],"sub_categories":["JavaScript/TypeScript","Discovery"],"readme":"# goctopus\n\nBlazing fast graphql fingerprinting toolbox.\n\n[![Go Reference](https://pkg.go.dev/badge/github.com/Escape-Technologies/goctopus.svg)](https://pkg.go.dev/github.com/Escape-Technologies/goctopus)\n[![Go Report Card](https://goreportcard.com/badge/github.com/Escape-Technologies/goctopus)](https://goreportcard.com/report/github.com/Escape-Technologies/goctopus)\n[![Docker Pulls](https://img.shields.io/docker/pulls/escapetech/goctopus)](https://hub.docker.com/r/escapetech/goctopus)\n\n\u003e ⚠️ Goctopus is still in very early development. 
Breaking changes are expected.\n\n`````TEXT\ngoctopus -a rickandmortyapi.com\n\n                    .-'   `'.\n                   /         \\\n                   |         ;\n                   |         |           ___.--,\n          _.._     |0) ~ (0) |    _.---'`__.-( (_.\n   __.--'`_.. '.__.\\    '--. \\_.-' ,.--'`     `\"\"`\n  ( ,.--'`   ',__ /./;   ;, '.__.'`    __\n  _`) )  .---.__.' / |   |\\   \\__..--\"\"  \"\"\"--.,_\n `---' .'.''-._.-'`_./  /\\ '.  \\ _.-~~~````~~~-._`-.__.'\n       | |  .' _.-' |  |  \\  \\  '.               `~---`\n        \\ \\/ .'     \\  \\   '. '-._)\n         \\/ /        \\  \\    `=.__`~-.\n     jgs / /\\         `) )    / / `\"\".`\\\n   , _.-'.'\\ \\        / /    ( (     / /\n    `--~`   ) )    .-'.'      '.'.  | (\n           (/`    ( (`          ) )  '-;\n            `      '-;         (-'\n                  _\n  __ _  ___   ___| |_ ___  _ __  _   _ ___\n / _` |/ _ \\ / __| __/ _ \\| '_ \\| | | / __|\n| (_| | (_) | (__| || (_) | |_) | |_| \\__ \\\n \\__, |\\___/ \\___|\\__\\___/| .__/ \\__,_|___/ v0.0.18\n |___/                    |_|\n[INF] Enumerating subdomains for 'rickandmortyapi.com'\n[INF] Found 5 subdomains for 'rickandmortyapi.com' in 15 seconds 276 milliseconds\nINFO[0016] Done fingerprinting rickandmortyapi.com\nINFO[0016] Found: {\"authenticated\":false,\"domain\":\"rickandmortyapi.com\",\"schema_status\":\"OPEN\",\"source\":\"rickandmortyapi.com\",\"url\":\"https://rickandmortyapi.com/graphql\"}\nINFO[0016] Done. 
Found 1 graphql endpoints\n`````\n\n## Usage\n\nUsing go:\n\n```BASH\ngo install -v github.com/Escape-Technologies/goctopus/cmd/goctopus@latest\ngoctopus -a example.com\n```\n\nUsing docker:\n\n```BASH\ndocker run --rm -it escapetech/goctopus:latest -a example.com\n```\n\n## Main options \u0026 features\n\nIt is recommended to use the `-a` flag as a shorthand to enable all the features (if you want detailed results, and don't care about speed).\n\n### Input\n\nGoctopus takes a list of addresses (endpoints and/or URLs) as input.\nAddresses can be specified directly in the command line or in a file.\n\n#### Command line\n\nThe addresses can be specified directly in the command line, comma separated.\nExample:\n\n```BASH\ngoctopus -a example.com,https://example.com/graphql\n```\n\n#### Input file\n\nThe addresses can be specified in a file, one per line.\nThe file path should be specified using the `-f` flag.\nExample:\n\n```TEXT\nexample.com\nhttps://example.com/graphql\nescape.tech\nhttps://example.com/api\n```\n\n```BASH\ngoctopus -f input.txt\n```\n\n### Introspection fingerprinting\n\nThe `-introspect` flag enables introspection fingerprinting.\nIf enabled, goctopus will detect whether introspection is enabled on the graphql endpoints it finds.\n\n### Subdomain enumeration\n\nThe `-subdomain` flag enables subdomain enumeration.\nIf enabled, goctopus will try to find graphql endpoints on subdomains of the given domains.\nThe enumeration is done using [subfinder](https://github.com/projectdiscovery/subfinder).\n\n### Field suggestion fingerprinting\n\nThe `-suggest` flag enables field suggestion fingerprinting.\nThis option needs the introspection fingerprinting (`-introspect`) to be enabled.\nWhen enabled, and if introspection is closed, goctopus will try to detect whether the graphql endpoint has field suggestion enabled.\nThis is useful to brute-force fields and/or types when introspection is disabled, with tools such as 
[ClairvoyanceNext](https://github.com/Escape-Technologies/ClairvoyanceNext).\n\n### Output\n\nThe `-o` flag is used to specify the output file path. It defaults to `output.jsonl`.\nThe output file is in json-lines format.\nEach line corresponds to one found graphql endpoint and will contain at least the following fields:\n\n```JSON\n{\n  \"domain\": \"subdomain.example.com\",\n  \"authenticated\": false,\n  \"url\": \"https://subdomain.example.com/graphql\",\n  \"source\": \"example.com\"\n}\n```\n\nThe `authenticated` field can be one of the following:\n\n- `true`: The endpoint is a graphql endpoint.\n- `false`: The endpoint is a graphql endpoint and requires authentication.\n\n## Additional options\n\n```TEXT\nUsage: goctopus [options] [addresses]\n[addresses]: A list of addresses to fingerprint, comma separated.\nAddresses can be in the form of http://example.com/graphql or example.com. If an input file is specified, this argument is ignored.\n[options]:\n  -a\t(All) Enable all fingerprinting methods: introspection, field suggestion, subdomain enumeration\n  -f string\n    \tInput file\n  -introspect\n    \tEnable introspection fingerprinting\n  -o string\n    \tOutput file (json-lines format)\n  -s\tSilent\n  -subdomain\n    \tEnable subdomain enumeration\n  -suggest\n    \tEnable fields suggestion fingerprinting.\n    \tNeeds \"introspection\" to be enabled.\n  -t int\n    \tRequest timeout (seconds) (default 30)\n  -v\tVerbose\n  -w int\n    \tMax workers (default 40)\n  -webhook string\n    \tWebhook URL\n```\n\n## Docker usage\n\nUsing volumes to load the input file and save to the output file:\n\n```BASH\ndocker run --rm -it -v $(pwd):/data escapetech/goctopus:latest -f /data/input.txt -o /data/output.jsonl\n```\n\nUsing a specific version:\n\n```BASH\n# for version vA.B.C\ndocker run --rm -it escapetech/goctopus:A.B.C [args]\n```\n\n## Roadmap\n\n- [x] Better wordlist for field suggestion fingerprinting, to improve the detection performance and detection 
rate.\n- [ ] Engine fingerprinting.\n- [ ] Script analysis.\n- [x] Refactor to make goctopus usable as a go package.\n- [ ] Document goctopus as a go package.\n- [ ] Better flags.\n- [x] Better logs.\n- [x] Direct cli input.\n- [ ] Improve performance further.\n- [ ] Resume from output file. (maybe)\n- [ ] Custom ascii art. (maybe)\n- [x] Docker\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEscape-Technologies%2Fgoctopus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEscape-Technologies%2Fgoctopus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEscape-Technologies%2Fgoctopus/lists"}