{"id":33108993,"url":"https://github.com/davinerd/gql_intruder","last_synced_at":"2025-11-15T18:01:10.578Z","repository":{"id":56309712,"uuid":"311496605","full_name":"davinerd/gql_intruder","owner":"davinerd","description":"A plugin based GraphQL vulnerability assessment tool.","archived":false,"fork":false,"pushed_at":"2021-01-10T22:44:29.000Z","size":73,"stargazers_count":12,"open_issues_count":3,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-05-07T01:31:51.687Z","etag":null,"topics":["graphql","graphql-security","pentest-tool","python3"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/davinerd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-11-10T00:04:53.000Z","updated_at":"2024-03-17T09:01:25.000Z","dependencies_parsed_at":"2022-08-15T16:30:40.258Z","dependency_job_id":null,"html_url":"https://github.com/davinerd/gql_intruder","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/davinerd/gql_intruder","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davinerd%2Fgql_intruder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davinerd%2Fgql_intruder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davinerd%2Fgql_intruder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davinerd%2Fgql_intruder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/davinerd","download_url":"https://codeload.github.com/davinerd/gql_intruder/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/davinerd%2Fgql_intruder/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":284597116,"owners_count":27032396,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-11-15T02:00:06.050Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["graphql","graphql-security","pentest-tool","python3"],"created_at":"2025-11-15T01:00:22.741Z","updated_at":"2025-11-15T18:01:10.572Z","avatar_url":"https://github.com/davinerd.png","language":"Python","funding_links":[],"categories":["Tools"],"sub_categories":["Tools - Security"],"readme":"# GraphQL Intruder\nPlugin oriented tool to perform GraphQL endpoint vulnerability assessment.\n\n# Usage\nPlugins are listed in their own folders under `plugins` folder.\n\nTo list all the available plugins:\n```\n$ python3 brute.py\nList of available plugins\nName: dump\nAuthor: Davide Barbato\nDescription: Dump GraphQL schema via introspection.\nAction: dump\n\nName: intruder\nAuthor: Davide Barbato\nDescription: Simple bruteforce inspired by Burp Suite Intruder.\nAction: intruder\n\nFor more info type: python3 brute.py \u003caction\u003e\n```\n\n# How to write a plugin\nWriting a plugin is pretty simple:\n1. Create a folder under `plugins`. The folder's name reflects the file and class name. Example:\n```\nplugins/\n├── newplugin\n│   ├── newplugin.py\n│   ├── __init__.py\n``` \n\n2. Write your plugin. Inside `newplugin.py`:\n```\n# Mandatory imports\nimport utils\nimport argparse\nfrom plugin import Plugin\n\n# Class name matches file and folder names\nclass Newplugin(Plugin):\n\n  # This is mandatory\n  CMD_NAME = \"new_attack\"\n\n  # These are optional\n  author = \"Davide Barbato\"\n  description = \"Super duper new attack plugin\"\n  \n  def __init__(self):\n    # The Plugin class' argparse already sets the URL as mandatory parameter.\n    # If you need to add your own parser, do it and call self.build_argparse(your_new_parser)\n    parser = self.build_argparse()\n    args = parser.parse_args()\n\n  # This function is mandatory.\n  def attack(self):\n    print(\"Attack!\")\n```\n\n3. Add the module to `plugins/__init__.py`:\n```\nfrom plugins.intruder.intruder import Intruder\nfrom plugins.dump.dump import Dump\nfrom plugins.newplugin.newplugin import Newplugin\n```\n\n4. Enjoy\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavinerd%2Fgql_intruder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdavinerd%2Fgql_intruder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdavinerd%2Fgql_intruder/lists"}