{"id":13520253,"url":"https://github.com/Escape-Technologies/graphinder","last_synced_at":"2025-03-31T16:31:03.692Z","repository":{"id":37804220,"uuid":"484400199","full_name":"Escape-Technologies/graphinder","owner":"Escape-Technologies","description":"🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️","archived":false,"fork":false,"pushed_at":"2023-05-22T22:01:48.000Z","size":1112,"stargazers_count":121,"open_issues_count":6,"forks_count":12,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-06-21T06:40:55.862Z","etag":null,"topics":["bugbounty","finder","graphql","osint","reconnaissance","security","spider","subdomain-enumeration","subdomain-scanner"],"latest_commit_sha":null,"homepage":"https://escape.tech","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Escape-Technologies.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null}},"created_at":"2022-04-22T10:59:30.000Z","updated_at":"2024-06-18T12:58:15.000Z","dependencies_parsed_at":"2023-02-16T11:31:04.089Z","dependency_job_id":null,"html_url":"https://github.com/Escape-Technologies/graphinder","commit_stats":null,"previous_names":[],"tags_count":46,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technologies%2Fgraphinder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technologies%2Fgraphinder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technologies%2Fgraphinder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Escape-Technologies%2Fgraphinder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Escape-Technologies","download_url":"https://codeload.github.com/Escape-Technologies/graphinder/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":213468388,"owners_count":15591699,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bugbounty","finder","graphql","osint","reconnaissance","security","spider","subdomain-enumeration","subdomain-scanner"],"created_at":"2024-08-01T05:02:15.712Z","updated_at":"2024-08-01T05:13:00.955Z","avatar_url":"https://github.com/Escape-Technologies.png","language":"Python","readme":"# Graphinder ![PyPI](https://img.shields.io/pypi/v/graphinder) [![CI](https://github.com/Escape-Technologies/graphinder/actions/workflows/ci.yaml/badge.svg)](https://github.com/Escape-Technologies/graphinder/actions/workflows/ci.yaml) [![codecov](https://codecov.io/gh/Escape-Technologies/graphinder/branch/main/graph/badge.svg?token=4KGK1LTHRO)](https://codecov.io/gh/Escape-Technologies/graphinder)\n\nGraphinder is a tool that extracts all GraphQL endpoints from a given domain.\n\n![Banner](doc/banner.png)\n\n![Docker Pulls](https://img.shields.io/docker/pulls/escapetech/graphinder)\n![Docker Image Size (latest by date)](https://img.shields.io/docker/image-size/escapetech/graphinder)\n![PyPI - Downloads](https://img.shields.io/pypi/dm/graphinder)\n\n## Run with docker\n\n```bash\ndocker pull escapetech/graphinder\ndocker run -it --rm escapetech/graphinder -d example.com\n```\n\nIf you want to save your results.json file, you can use:\n\n```bash\ndocker run -it --name graphinder escapetech/graphinder -d example.com\ndocker cp graphinder:/graphinder/results.json results.json\ndocker rm -f graphinder\n```\n\n## Install using Pip\n\n```bash\npip install graphinder\n\n# using specific python binary\npython3 -m pip install graphinder\n```\n\nRun it with\n\n```bash\ngraphinder ...\n```\n\n## Usage\n\nA Scan consistes of:\n\n- Running specific domain (`-d`, `--domain`).\n- Searching all scripts loaded by the browser for graphql endpoint (`-s`, `--script`)\n- Brute forcing the directories of all discovered urls (`-b`, `--bruteforce`)\n- Using precision mode (`-p`, `--precision`)\n\nBy default, bruteforce and script search are enabled.\n\n```bash\ngraphinder -d example.com\n```\n\n```bash\ngraphinder -f domains.txt\n```\n\n### Extra features\n\n- `--no-bruteforce`: Disable bruteforce\n- `--no-script`: Disable script search\n- `-p --precision --no-precision`: Enable/disable precision mode (default: enabled) (precision mode is slower but more accurate)\n- `-w --max-workers \u003cint\u003e`: Maximum of concurrent workers on multiple domains.\n- `-o --output-file \u003cFILE_PATH\u003e`: Output the results to file\n- `-v --verbose --no-verbose`: Verbose mode\n- `-r --reduce`: The maximum number of subdomains to scan.\n- `-wb --webhook_url`: The discord webhook url to send the results to.\n\nIf you experience any issues, irregularities or networking bottlenecks, please reduce your number of workers, otherwise, better is your network, the more workers you can have.\n\n## Local installation\n\nClone the repository and run the installation script\n\n```bash\ngit clone https://github.com/Escape-Technologies/graphinder.git\ncd graphinder\n./install-dev.sh\n```\n\nRun this command to enter the virtual enviroment\n\n```bash\npoetry shell\n```\n\nProfit !\n\n```bash\ngraphinder -d example.com\n```\n\n## How do you make sure this is a valid graphql endpoint ?\n\n![detector](doc/detector.jpg)\n\n## Contributing\n\nPull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.\n\nPlease make sure to update tests as appropriate.\n\n## License ![PyPI - License](https://img.shields.io/pypi/l/graphinder)\n\n[MIT](https://choosealicense.com/licenses/mit/)\n","funding_links":[],"categories":["Python","Tools","Offensive Security"],"sub_categories":["Tools - Security","Discovery"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEscape-Technologies%2Fgraphinder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FEscape-Technologies%2Fgraphinder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FEscape-Technologies%2Fgraphinder/lists"}