maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add my GraphQL DoS testing repo to HackTricks

Browse Source
This commit is contained in:
redDev 2025-01-31 02:19:37 +01:00
parent cc776534e2
commit 42f7751aa3
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/network-services-pentesting/pentesting-web/graphql.md
View File

@ -615,6 +615,10 @@ curl -X POST -H "User-Agent: graphql-cop/1.13" -H "Content-Type: application/jso
- [https://github.com/doyensec/inql](https://github.com/doyensec/inql): Burp extension for advanced GraphQL testing. The _**Scanner**_ is the core of InQL v5.0, where you can analyze a GraphQL endpoint or a local introspection schema file. It auto-generates all possible queries and mutations, organizing them into a structured view for your analysis. The _**Attacker**_ component lets you run batch GraphQL attacks, which can be useful for circumventing poorly implemented rate limits.
- [https://github.com/nikitastupin/clairvoyance](https://github.com/nikitastupin/clairvoyance): Try to get the schema even with introspection disabled by using the help of some Graphql databases that will suggest the names of mutations and parameters.
### Scripts to exploit common vulnerabilities
- [https://github.com/reycotallo98/pentestScripts/tree/main/GraphQLDoS](https://github.com/reycotallo98/pentestScripts/tree/main/GraphQLDoS): Collection of scripts for exploiting denial-of-service vulnerabilities in vulnerable graphql environments.
### Clients
- [https://github.com/graphql/graphiql](https://github.com/graphql/graphiql): GUI client