Saturday, September 10, 2022

GraphQL Automated Security Testing Toolkit




GraphCrawler is an automated security testing toolkit for any GraphQL endpoint.

NEW: GraphCrawler can now find endpoints for you using Escape Technology's Graphinder tool. Point it at a domain and add the '-e' option: Graphinder performs subdomain enumeration and searches common directories for GraphQL endpoints, after which GraphCrawler takes over and works through each endpoint found.

It will check whether mutations are enabled, check for any sensitive queries that are exposed (such as users and files), and also test any simple queries it finds to see whether authentication is required.

If introspection is not enabled on the endpoint, it will check whether the endpoint is an Apollo Server and can then run Clairvoyance, which brute-forces field names and grabs the server's field-name suggestions to reconstruct the schema without introspection (see the Clairvoyance project for details).
It then scores the findings from 1 to 10, with 10 being the most critical.
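The checks described above, as an added example that is not GraphCrawler's own code: it runs the same triage steps (is introspection on, are mutations enabled, which query fields look sensitive, did an unauthenticated probe get refused, what field names does an Apollo-style "Did you mean" error leak) over constructed sample responses so it runs offline. The severity numbers, the sensitive-field word list, the `SAMPLE_*` responses and all function names are illustrative assumptions, not GraphCrawler's scoring or data; a live scanner would replace the samples with the JSON returned by POSTing `INTROSPECTION_QUERY` and a probe query to the endpoint.

```python
"""Offline triage of a GraphQL endpoint, modelled on the checks GraphCrawler describes.

Added example, not GraphCrawler's own code. The severity numbers, the sensitive-field
word list and the sample responses below are illustrative assumptions.
"""
import json
import re

# Minimal introspection query; a live scanner would POST this as {"query": ...}.
INTROSPECTION_QUERY = """
query {
  __schema {
    queryType { name }
    mutationType { name }
    types { name fields { name } }
  }
}
"""

# Field names that tend to expose user or file data (hypothetical list; tune per target).
SENSITIVE = re.compile(r"user|account|file|document|password|token|secret|admin", re.I)


def analyse_schema(introspection):
    """Turn an introspection response into scored findings (1-10, 10 most critical)."""
    schema = (introspection.get("data") or {}).get("__schema")
    if not schema:
        # GraphQL returns "data": null plus "errors" when introspection is blocked.
        return [{"check": "introspection", "detail": "introspection disabled", "score": 1}]
    findings = [{"check": "introspection", "detail": "introspection enabled", "score": 5}]
    fields = {t["name"]: [f["name"] for f in (t.get("fields") or [])] for t in schema["types"]}
    if schema.get("mutationType"):
        names = fields.get(schema["mutationType"]["name"], [])
        findings.append({"check": "mutation",
                         "detail": "mutations enabled: " + ", ".join(names), "score": 7})
    for name in fields.get(schema["queryType"]["name"], []):
        if SENSITIVE.search(name):
            findings.append({"check": "sensitive_query", "detail": name, "score": 8})
    return findings


def auth_required(response):
    """True if an unauthenticated probe was refused (Apollo-style error code or common message)."""
    for err in response.get("errors") or []:
        code = (err.get("extensions") or {}).get("code", "")
        msg = err.get("message", "")
        if code in ("UNAUTHENTICATED", "FORBIDDEN") or \
                re.search(r"unauthori[sz]ed|not authenticated|forbidden|log ?in", msg, re.I):
            return True
    return False


def apollo_suggestions(error_message):
    """Pull field names out of a graphql-js / Apollo 'Did you mean ...?' hint.

    This hint is the signal Clairvoyance brute-forces against when introspection is off."""
    m = re.search(r"Did you mean (.+?)\?", error_message)
    return re.findall(r'"([^"]+)"', m.group(1)) if m else []


def triage(introspection, probe_response):
    """Combine the checks: sensitive queries matter less when the probe needed credentials."""
    needs_auth = auth_required(probe_response)
    findings = analyse_schema(introspection)
    if needs_auth:
        for f in findings:
            if f["check"] == "sensitive_query":
                f["score"] -= 4  # reachable only with credentials
    findings.sort(key=lambda f: f["score"], reverse=True)
    return {
        "auth_required": needs_auth,
        "max_score": max((f["score"] for f in findings), default=0),
        "findings": findings,
    }


# Constructed sample responses (not captured from any real target).
SAMPLE_INTROSPECTION = {"data": {"__schema": {
    "queryType": {"name": "Query"},
    "mutationType": {"name": "Mutation"},
    "types": [
        {"name": "Query", "fields": [{"name": "me"}, {"name": "users"},
                                     {"name": "files"}, {"name": "posts"}]},
        {"name": "Mutation", "fields": [{"name": "deleteUser"}, {"name": "createPost"}]},
        {"name": "User", "fields": [{"name": "id"}, {"name": "email"}]},
        {"name": "String", "fields": None},
    ],
}}}
SAMPLE_OPEN = {"data": {"users": [{"id": "1"}]}}
SAMPLE_REFUSED = {"data": None, "errors": [{"message": "Not authenticated",
                                            "extensions": {"code": "UNAUTHENTICATED"}}]}
SAMPLE_HINT = 'Cannot query field "usr" on type "Query". Did you mean "users", "user", or "me"?'

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_INTROSPECTION, SAMPLE_OPEN), indent=2))
    print("max score when auth is required:", triage(SAMPLE_INTROSPECTION, SAMPLE_REFUSED)["max_score"])
    print("clairvoyance seed words:", apollo_suggestions(SAMPLE_HINT))
```

With the open probe the sample schema scores 8 (exposed `users` and `files` queries, no credentials needed); with the refused probe the top finding drops to the enabled mutations at 7, which mirrors why GraphCrawler tests authentication on the easy queries before ranking what it found.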

To dig deeper into the schema you can also use graphql-path-enum to look for paths to particular types, such as user IDs and emails.

I hope this saves you as much time as it has saved me.

Usage

python graphCrawler.py -u https://test.com/graphql/api -o <fileName> -a "<headers>"


The output option (-o) is not required; by default the schema is written to schema.json.

Example output:

Requirements

  • Python3
  • Docker
  • Set up all Python dependencies with pip

Wordlist from google-10000-english

TODO

  • Add an option for a "full report" after the endpoint search, which will run Clairvoyance and all other parts of the toolkit on the endpoints found
  • Default to a "simple scan" that only finds endpoints once that feature is added
  • Far future: help craft queries based on the schema provided


