Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/davinerd/gql_intruder
A plugin based GraphQL vulnerability assessment tool.
graphql graphql-security pentest-tool python3
- Host: GitHub
- URL: https://github.com/davinerd/gql_intruder
- Owner: davinerd
- License: mit
- Created: 2020-11-10T00:04:53.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2021-01-10T22:44:29.000Z (over 3 years ago)
- Last Synced: 2024-02-02T06:43:14.868Z (4 months ago)
- Topics: graphql, graphql-security, pentest-tool, python3
- Language: Python
- Homepage:
- Size: 71.3 KB
- Stars: 11
- Watchers: 2
- Forks: 0
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
Lists
- awesome-graphql - GraphQL Intruder - Plugin based python script to perform GraphQL vulnerability assessment. (Tools / Tools - Security)
README
# GraphQL Intruder
Plugin oriented tool to perform GraphQL endpoint vulnerability assessment.

# Usage

Plugins are listed in their own folders under the `plugins` folder. To list all the available plugins:
```
$ python3 brute.py
List of available plugins

Name: dump
Author: Davide Barbato
Description: Dump GraphQL schema via introspection.
Action: dump

Name: intruder
Author: Davide Barbato
Description: Simple bruteforce inspired by Burp Suite Intruder.
Action: intruder

For more info type: python3 brute.py
```

# How to write a plugin
Writing a plugin is pretty simple:
1. Create a folder under `plugins`. The folder's name reflects the file and class name. Example:

```
plugins/
├── newplugin
│   ├── newplugin.py
│   ├── __init__.py
```

2. Write your plugin. Inside `newplugin.py`:

```
# Mandatory imports
import utils
import argparse
from plugin import Plugin


# Class name matches file and folder names
class Newplugin(Plugin):
    # This is mandatory
    CMD_NAME = "new_attack"

    # These are optional
    author = "Davide Barbato"
    description = "Super duper new attack plugin"

    def __init__(self):
        # The Plugin class' argparse already sets the URL as a mandatory parameter.
        # If you need to add your own parser, build it and call self.build_argparse(your_new_parser)
        parser = self.build_argparse()
        args = parser.parse_args()

    # This function is mandatory.
    def attack(self):
        print("Attack!")
```

3. Add the module to `plugins/__init__.py`:

```
from plugins.intruder.intruder import Intruder
from plugins.dump.dump import Dump
from plugins.newplugin.newplugin import Newplugin
```

4. Enjoy