GraphQL

https://github.com/sorokinpf/graphql_sample_sender

InQL: Python script and Burp extension for scanning GraphQL: https://blog.doyensec.com/2020/03/26/graphql-scanner.html

GraphQL visualization: https://apis.guru/graphql-voyager/

GraphQL IDE: https://github.com/prisma-labs/graphql-playground https://app.graphqleditor.com/

GraphQL connects to MongoDB, or, it seems, to any database?

There are various libraries for working with GraphQL APIs: AWS AppSync, Apollo, ...

For these two, introspection works. It is enough to send the request: {<introspection query from PayloadAllTheThings>}

BatchQL

Link: https://github.com/assetnote/batchql

A GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements.

This tool is capable of detecting the following:

  • Introspection query support

  • Schema suggestions detection

  • Potential CSRF detection

  • Query name based batching

  • Query JSON list based batching
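The three checks below (introspection support, schema suggestions, JSON-list batching) are the ones from the list above that can be decided purely from what the server answers. This is an added example written for this page, not code from BatchQL or InQL: it builds the probe bodies, classifies constructed sample responses, and is meant for auditing an endpoint you operate. The misspelled field `__typenam` and the sample responses are constructed; the `Did you mean "..."?` wording is what graphql-js emits when field suggestions are enabled.

```python
"""Response-side checks for a GraphQL endpoint audit (added example)."""
import json

# Minimal introspection probe: asking only for type names is enough to tell
# whether the server serves the schema at all.
INTROSPECTION_PROBE = {"query": "{ __schema { types { name } } }"}

# Deliberate misspelling of __typename (constructed). graphql-js style servers
# append 'Did you mean "__typename"?' to the error when suggestions are on,
# which leaks field names even with introspection disabled.
SUGGESTION_PROBE = {"query": "{ __typenam }"}


def introspection_enabled(response):
    """True if the response to INTROSPECTION_PROBE carries a schema."""
    data = response.get("data") or {}
    schema = data.get("__schema") or {}
    return bool(schema.get("types"))


def suggestions_enabled(response):
    """True if any error message contains a field-name suggestion."""
    for err in response.get("errors") or []:
        if "did you mean" in str(err.get("message", "")).lower():
            return True
    return False


def json_list_batch(queries):
    """Request body for JSON-list batching: several operations in one POST."""
    return json.dumps([{"query": q} for q in queries])


def list_batching_enabled(response_body, expected):
    """True if a JSON-list body was answered with one result per operation.

    A server that does not support batching typically returns a single
    object (usually an error), so a non-list body means 'not enabled'.
    """
    try:
        parsed = json.loads(response_body)
    except json.JSONDecodeError:
        return False
    return isinstance(parsed, list) and len(parsed) == expected


def audit(introspection_resp, suggestion_resp, batch_resp_body, batch_size):
    """Summarise the three findings as a dict of booleans."""
    return {
        "introspection": introspection_enabled(introspection_resp),
        "schema_suggestions": suggestions_enabled(suggestion_resp),
        "json_list_batching": list_batching_enabled(batch_resp_body, batch_size),
    }


# Constructed sample responses: one hardened endpoint, one open endpoint.
HARDENED_INTROSPECTION = {"errors": [{"message": "GraphQL introspection is not allowed"}]}
OPEN_INTROSPECTION = {"data": {"__schema": {"types": [{"name": "Query"}, {"name": "User"}]}}}
HARDENED_SUGGESTION = {"errors": [{"message": 'Cannot query field "__typenam" on type "Query".'}]}
OPEN_SUGGESTION = {"errors": [{"message": 'Cannot query field "__typenam" on type "Query". Did you mean "__typename"?'}]}
BATCH_QUERIES = ["{ __typename }", "{ __typename }"]
OPEN_BATCH_BODY = json.dumps([{"data": {"__typename": "Query"}}] * len(BATCH_QUERIES))
HARDENED_BATCH_BODY = json.dumps({"errors": [{"message": "Batching is not supported"}]})


def demo():
    """Run the audit against both constructed endpoints."""
    return {
        "hardened": audit(HARDENED_INTROSPECTION, HARDENED_SUGGESTION,
                          HARDENED_BATCH_BODY, len(BATCH_QUERIES)),
        "open": audit(OPEN_INTROSPECTION, OPEN_SUGGESTION,
                      OPEN_BATCH_BODY, len(BATCH_QUERIES)),
    }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, findings)
```

In a real audit the probe bodies are POSTed to the endpoint and the parsed JSON is fed to `audit`; the constructed responses stand in for that here. A finding of `introspection: True` or `schema_suggestions: True` on a production endpoint is a hardening gap rather than a vulnerability by itself, and the fix sits in server configuration (for Apollo Server, the `introspection` option; batching limits depend on the server library).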
