GraphQL

https://github.com/sorokinpf/graphql_sample_sender

InQL - Python script and Burp extension for scanning GraphQL: https://blog.doyensec.com/2020/03/26/graphql-scanner.html

GraphQL visualization: https://apis.guru/graphql-voyager/

GraphQL IDE: https://github.com/prisma-labs/graphql-playground https://app.graphqleditor.com/

GraphQL connects to MongoDB, or apparently to any database?

There are various libraries for working with GraphQL APIs: AWS AppSync, Apollo, ...

For these two, introspection works. It is enough to send the query: {<introspection query from PayloadAllTheThings>}

BatchQL

Link: https://github.com/assetnote/batchql

BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is not complex, and we welcome improvements.

This tool is capable of detecting the following:

  • Introspection query support

  • Schema suggestions detection

  • Potential CSRF detection

  • Query name based batching

  • Query JSON list based batching
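As an added example (not code from this page, from BatchQL or from InQL), a small Python helper covering both the introspection note above and the BatchQL detection list: it builds the introspection and JSON-list batch request bodies and classifies a server's JSON response for introspection being enabled, field-name suggestions in error messages, and JSON-list batching being accepted, so you can verify your own AppSync/Apollo deployment before go-live. The sample responses are constructed, not captured from any real server.

```python
import json

# Minimal introspection query; the full PayloadAllTheThings version requests far more
# fields, but this is enough to learn whether introspection is enabled at all.
INTROSPECTION_QUERY = "{ __schema { types { name } } }"


def build_request(query):
    """Serialize a single GraphQL operation as a JSON POST body."""
    return json.dumps({"query": query}).encode()


def build_batch_request(queries):
    """JSON-list batching: several operations in one HTTP request body."""
    return json.dumps([{"query": q} for q in queries]).encode()


def audit_response(body):
    """Classify a server's JSON response (str, bytes, dict or list) for the
    misconfigurations BatchQL reports: introspection enabled, field-name
    suggestions in error messages, and acceptance of JSON-list batching."""
    resp = body if isinstance(body, (dict, list)) else json.loads(body)
    findings = {"introspection": False, "suggestions": False, "batching": False}
    # A list response means the server executed a JSON-list batch.
    findings["batching"] = isinstance(resp, list)
    for r in resp if isinstance(resp, list) else [resp]:
        data = r.get("data") or {}
        schema = data.get("__schema")
        if isinstance(schema, dict) and schema.get("types"):
            findings["introspection"] = True
        for err in r.get("errors") or []:
            msg = err.get("message", "") if isinstance(err, dict) else str(err)
            # graphql-js style hints ("Did you mean ...") leak valid field names.
            if "did you mean" in msg.lower():
                findings["suggestions"] = True
    return findings


# Constructed sample responses (not captured from any real server).
SAMPLE_INTROSPECTION_ON = '{"data": {"__schema": {"types": [{"name": "Query"}, {"name": "User"}]}}}'
SAMPLE_INTROSPECTION_OFF = '{"errors": [{"message": "Introspection is disabled"}], "data": null}'
SAMPLE_SUGGESTION = '{"errors": [{"message": "Cannot query field usr on type Query. Did you mean user?"}]}'
SAMPLE_BATCH = '[{"data": {"__typename": "Query"}}, {"data": {"__typename": "Query"}}]'

if __name__ == "__main__":
    for name, sample in [("on", SAMPLE_INTROSPECTION_ON), ("off", SAMPLE_INTROSPECTION_OFF),
                         ("suggest", SAMPLE_SUGGESTION), ("batch", SAMPLE_BATCH)]:
        print(name, audit_response(sample))
```

To audit a live endpoint you own, POST the bytes from build_request or build_batch_request with Content-Type application/json and pass the response body to audit_response.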
