{"id":15192429,"url":"https://github.com/gsmith257-cyber/graphcrawler","last_synced_at":"2025-04-06T10:14:35.977Z","repository":{"id":39746027,"uuid":"504669462","full_name":"gsmith257-cyber/GraphCrawler","owner":"gsmith257-cyber","description":"GraphQL automated security testing toolkit","archived":false,"fork":false,"pushed_at":"2024-02-20T22:15:38.000Z","size":1469,"stargazers_count":314,"open_issues_count":0,"forks_count":23,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-04-06T10:14:30.229Z","etag":null,"topics":["api","api-hacking","automated-testing","cybersecurity","graphql","graphql-api","graphql-security","pentesting"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gsmith257-cyber.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"support/graphql-path-enum","governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2022-06-17T20:54:16.000Z","updated_at":"2025-03-31T16:39:53.000Z","dependencies_parsed_at":"2024-02-20T23:27:24.775Z","dependency_job_id":"dbdde452-520a-4079-b7ad-47f112b27463","html_url":"https://github.com/gsmith257-cyber/GraphCrawler","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gsmith257-cyber%2FGraphCrawler","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gsmith257-cyber%2FGraphCrawler/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gsmith257-cyber%2FGraphCrawler/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gsmith257-cyber%2FGraphCrawler/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gsmith257-cyber","download_url":"https://codeload.github.com/gsmith257-cyber/GraphCrawler/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247464226,"owners_count":20942970,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api","api-hacking","automated-testing","cybersecurity","graphql","graphql-api","graphql-security","pentesting"],"created_at":"2024-09-27T21:23:24.473Z","updated_at":"2025-04-06T10:14:35.950Z","avatar_url":"https://github.com/gsmith257-cyber.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# GraphCrawler\n\n![](https://github.com/gsmith257-cyber/GraphCrawler/raw/main/GraphCrawler.PNG)\n\n## THE GraphQL automated testing tookit\n\nGraph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint.\n\n### Version 1.2 is out!!\nNEW: Can search for endpoints for you using Escape Technology's powerful [Graphinder](https://github.com/Escape-Technologies/graphinder) tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular directories for GraphQL endpoints. After all this GraphCrawler will take over and work through each find. If the schema can not be introspected, you can supply it as a json file with the '-s' option.\n\nIt will run through and check if mutation is enabled, check for any sensitive queries available, such as users and files, and it will also test any easy queries it find to see if authentication is required.\n\nIf introspection is not enabled on the endpoint it will check if it is an Apollo Server and then can run [Clairvoyance](https://github.com/nikitastupin/clairvoyance) to brute force and grab the suggestions to try to build the schema ourselves. (See the Clairvoyance project for greater details on this). \nIt will then score the findings 1-10 with 10 being the most critical.\n\nIf you want to dig deeper into the schema you can also use [graphql-path-enum](https://gitlab.com/dee-see/graphql-path-enum/) to look for paths to certain types, like user IDs, emails, etc.\n\nI hope this saves you as much time as it has for me\n\n## Usage\n1. As Baremetal Install\n```bash\npython graphCrawler.py -u https://test.com/graphql/api -o \u003cfileName\u003e -a \"\u003cheaders\u003e\"\n\n\n ██████╗ ██████╗  █████╗ ██████╗ ██╗  ██╗ ██████╗██████╗  █████╗ ██╗    ██╗██╗     ███████╗██████╗ \n██╔════╝ ██╔══██╗██╔══██╗██╔══██╗██║  ██║██╔════╝██╔══██╗██╔══██╗██║    ██║██║     ██╔════╝██╔══██╗\n██║  ███╗██████╔╝███████║██████╔╝███████║██║     ██████╔╝███████║██║ █╗ ██║██║     █████╗  ██████╔╝\n██║   ██║██╔══██╗██╔══██║██╔═══╝ ██╔══██║██║     ██╔══██╗██╔══██║██║███╗██║██║     ██╔══╝  ██╔══██╗\n╚██████╔╝██║  ██║██║  ██║██║     ██║  ██║╚██████╗██║  ██║██║  ██║╚███╔███╔╝███████╗███████╗██║  ██║\n ╚═════╝ ╚═╝  ╚═╝╚═╝  ╚═╝╚═╝     ╚═╝  ╚═╝ ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝ ╚══╝╚══╝ ╚══════╝╚══════╝╚═╝  ╚═╝\n \n```\nThe output option is not required and by default it will output to schema.json\n2. As Docker\nNote: As graphcrawler uses some options that need files as input or produce output, it is advised to keep all those file a working directory and mount it at container path /workspace. Your all output will be saved to that mounted directory\n```bash\ndocker build -t graphcrawler:1.2 .\ndocker run -v /path_to_workspace:/workspace -it graphcrawler:1.2 -u https://test.com/graphql/api  -o \u003cfilename\u003e -a \"\u003cheaders\u003e\"\n```\n### Example output:\n\u003cdiv\u003e\u003c/div\u003e\n\u003cimg src=https://github.com/gsmith257-cyber/GraphCrawler/blob/main/output.PNG /\u003e\n\n### Requirements\n- Python3\n- Docker\n- Install all Python dependencies with pip\n\n\u003cdiv\u003e\u003c/div\u003e\n\nWordlist from [google-10000-english](https://github.com/first20hours/google-10000-english)\n\n\n### TODO\n- Add option for \"full report\" following the endpoint search where it will run clairvoyance and all other aspects of the toolkit on the endpoints found\n- Default to \"simple scan\" to just find endpoints when this feature is added\n- Way Future: help craft queries based of the shema provided\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgsmith257-cyber%2Fgraphcrawler","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgsmith257-cyber%2Fgraphcrawler","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgsmith257-cyber%2Fgraphcrawler/lists"}