https://github.com/viralvaghela/graphypy
Tool to hack Graphql
api-pentest api-testing graphql graphql-hacking hacktoberfest hacktoberfest-accepted
Last synced: 8 months ago
- Host: GitHub
- URL: https://github.com/viralvaghela/graphypy
- Owner: viralvaghela
- License: mit
- Created: 2023-10-14T17:45:47.000Z (about 2 years ago)
- Default Branch: main
- Last Pushed: 2023-10-17T04:38:51.000Z (about 2 years ago)
- Last Synced: 2024-05-02T02:40:31.220Z (over 1 year ago)
- Topics: api-pentest, api-testing, graphql, graphql-hacking, hacktoberfest, hacktoberfest-accepted
- Language: Python
- Homepage:
- Size: 10.7 KB
- Stars: 13
- Watchers: 1
- Forks: 3
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# GraphQL Endpoint Detector
This tool is designed to help bug bounty hunters and penetration testers detect GraphQL endpoints within a specified URL. It works through several steps to identify GraphQL endpoints and their schema:
1. Brute-forces all endpoints to find the GraphQL endpoint.
2. Tries the introspection query to find the schema.
3. If introspection is disabled, attempts a GET query to find the schema.
4. If the GET query doesn't work, tries URL encoding.
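
Steps 2 to 4 matter to API owners because introspection blocked on one request shape can still answer on another. The following is an added example, not code from graphypy: a check for your own API that builds the three request shapes and classifies the responses. The reading of "GET query" and "URL encoding" as a query-string GET and a form-encoded POST is an assumption, and the endpoint URL and response bodies are constructed.

```python
import json
from urllib.parse import urlencode

# Smallest useful introspection query; __schema comes from the GraphQL spec.
INTROSPECTION = "query { __schema { queryType { name } } }"

def build_probes(endpoint):
    """Request shapes for steps 2-4 (the GET/URL-encoded forms are assumed)."""
    form = urlencode({"query": INTROSPECTION})
    return [
        {"name": "post-json", "method": "POST", "url": endpoint,
         "headers": {"Content-Type": "application/json"},
         "body": json.dumps({"query": INTROSPECTION})},
        {"name": "get-query", "method": "GET", "url": endpoint + "?" + form,
         "headers": {}, "body": None},
        {"name": "post-urlencoded", "method": "POST", "url": endpoint,
         "headers": {"Content-Type": "application/x-www-form-urlencoded"},
         "body": form},
    ]

def exposes_schema(response_text):
    """True only if the body is JSON that actually carries data.__schema."""
    try:
        doc = json.loads(response_text)
    except (TypeError, ValueError):
        return False  # HTML error page, empty body, missing response
    data = doc.get("data") if isinstance(doc, dict) else None
    return isinstance(data, dict) and isinstance(data.get("__schema"), dict)

def audit(responses):
    """responses: probe name -> body text. Returns transports that still leak."""
    return sorted(n for n, body in responses.items() if exposes_schema(body))

# Constructed bodies: introspection is refused on JSON POST only.
SAMPLE = {
    "post-json": '{"errors": [{"message": "introspection is not allowed"}]}',
    "get-query": '{"data": {"__schema": {"queryType": {"name": "Query"}}}}',
    "post-urlencoded": "<html><body>415 Unsupported Media Type</body></html>",
}

if __name__ == "__main__":
    for p in build_probes("https://api.example.test/graphql"):  # placeholder URL
        print(p["method"], p["url"])
    print("still exposed via:", audit(SAMPLE))
```

Any name returned by `audit` is a transport where the introspection block needs to be applied as well.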
### ToDo
- [ ] Allow users to check common mutations once a valid GraphQL endpoint is detected, and display the results of the mutation checks at the end.
## Usage
Make sure you have Python 3.x installed. Use the following command to run the script:
```
pip install -r requirements.txt
python graphypy.py URL
```
Note: You might need to install the necessary Python packages specified in the requirements file before running the script.
## Bugs
If you find any issues in the tool, feel free to create an issue [here](https://github.com/viralvaghela/graphypy/issues/new).
Feel free to contribute and enhance the tool for better functionality and broader use cases.