Skip to content

viralvaghela/graphypy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
__pycache__
__pycache__
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
endpoints_worlist.py
endpoints_worlist.py
 
 
graphypy.py
graphypy.py
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

GraphQL Endpoint Detector

This tool is designed to help bug bounty hunters and penetration testers detect GraphQL endpoints within a specified URL. It goes through multiple steps to ensure the identification of GraphQL endpoints and schema. Below are the steps followed by the tool:

  1. Brute force all endpoints to find the GraphQL endpoint.
  2. Tries the introspection query to find the schema.
  3. If introspection is disabled, it attempts a GET query to find the schema.
  4. If the GET query doesn't work, it tries URL Encoding.

image

ToDo

  • Allows users to check common mutations once a valid GraphQL endpoint is detected. and displays the results of the mutation checks at the end.

Usage

Make sure you have Python 3.x installed. Use the following command to run the script:

pip install requirements.txt
python graphypy.py URL

Note: You might need to install the necessary Python packages specified in the requirements file before running the script.

Bugs

If you find any issues in the tool, Feel free to create an issue here

Feel free to contribute and enhance the tool for better functionality and broader use cases.

About

Tool to hack Graphql

Topics

graphql api-testing hacktoberfest api-pentest hacktoberfest-accepted graphql-hacking

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages