Automatic PoC for the Damn Vulnerable GraphQL Application.
This tool is designed to test and explore vulnerabilities in GraphQL applications. It lets users run several attack types against a GraphQL endpoint and retrieve information about the GraphQL schema. The tool also includes references to the OWASP Top Ten vulnerabilities to educate users about common security risks.
- Perform GraphQL introspection to discover the schema.
- Execute batched queries (several operations in a single request).
- Test for OS Command Injection vulnerabilities.
- Conduct Stored Cross-Site Scripting (XSS) tests.
- Analyze resource-intensive queries.
- Simulate Denial of Service (DoS) attacks.
- Check for field duplication vulnerabilities.
- Test for Server-Side Request Forgery (SSRF).
- Send custom GraphQL requests.
The tool provides information about the OWASP Top Ten vulnerabilities:
- Injection
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access Control
- Security Misconfiguration
- Cross-Site Scripting (XSS)
- Insecure Deserialization
- Using Components with Known Vulnerabilities
- Insufficient Logging & Monitoring
To run this tool, you need to have Python 3.x installed. You can download it from the official Python website.
Install the required libraries using pip:
pip install requests colorama
Run the tool with the following command:
python3 graphql_poc.py -u <GraphQL_endpoint_URL> -p <Proxy_URL>
- -u / --url: The GraphQL endpoint URL you want to test.
- -p / --proxy: (Optional) The proxy URL for intercepting requests (e.g., http://127.0.0.1:8080).
Example:
python3 graphql_poc.py -u http://example.com/graphql -p http://127.0.0.1:8080
After running the tool, you will be prompted to select an attack type:
- GraphQL Introspection: Discover the GraphQL schema.
- Batch Query Attack: Send multiple queries at once.
- OS Command Injection: Test for command injection vulnerabilities.
- Stored Cross-Site Scripting (XSS): Test for stored XSS vulnerabilities.
- Resource Intensive Query: Test a resource-intensive query.
- Denial of Service Attack: Simulate a DoS attack.
- Field Duplication Attack: Test for duplicate fields in queries.
- Server-Side Request Forgery (SSRF): Test for SSRF vulnerabilities.
- Custom GraphQL Request: Send a custom GraphQL request.
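The defender-side counterpart to the attack types listed above (introspection, batch queries, resource-intensive queries and field duplication) is a request inspector that flags those patterns in incoming GraphQL POST bodies. The following is an added example written for this README, not code from the PoC tool or from DVGA; the thresholds, the crude tokenizer and the sample bodies are assumptions constructed here for illustration.

```python
import json
import re
# Illustrative thresholds (assumptions, not defaults of DVGA or of this tool); tune per schema.
MAX_BATCH, MAX_DEPTH, MAX_DUPLICATES = 5, 8, 10
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
KEYWORDS = {"query", "mutation", "subscription", "fragment", "on", "true", "false", "null"}
def inspect_query(query: str) -> tuple[int, int]:
    """Return (deepest selection-set nesting, highest repeat count of one field name)."""
    # Blank out string literals so their contents are not mistaken for fields or braces.
    text = re.sub(r'"(?:\\.|[^"\\])*"', '""', query)
    depth = deepest = 0
    for ch in text:
        if ch == "{":
            depth += 1
            deepest = max(deepest, depth)
        elif ch == "}":
            depth -= 1
    counts: dict[str, int] = {}
    for m in IDENT.finditer(text):
        name, prev = m.group(0), text[m.start() - 1:m.start()]
        # Skip keywords, variables ($x), directives (@x) and argument/alias names (x:).
        if name in KEYWORDS or prev in {"$", "@"} or text[m.end():].lstrip().startswith(":"):
            continue
        counts[name] = counts.get(name, 0) + 1
    return deepest, max(counts.values(), default=0)

def analyse_body(raw_body: str) -> list[str]:
    """Findings for one POST body: a single operation object or a JSON batch array."""
    body = json.loads(raw_body)
    ops = body if isinstance(body, list) else [body]
    findings = []
    if len(ops) > MAX_BATCH:
        findings.append(f"batch of {len(ops)} operations exceeds {MAX_BATCH}")
    for op in ops:
        query = op.get("query", "")
        if re.search(r"__(schema|type)\b", query):
            findings.append("introspection query (__schema/__type)")
        depth, repeats = inspect_query(query)
        if depth > MAX_DEPTH:
            findings.append(f"selection depth {depth} exceeds {MAX_DEPTH}")
        if repeats > MAX_DUPLICATES:
            findings.append(f"field repeated {repeats} times (possible field duplication)")
    return findings
# Constructed sample bodies (not captured traffic) covering the attack types listed above.
SAMPLES = {
    "introspection": '{"query": "{ __schema { types { name } } }"}',
    "batch": "[" + ",".join(['{"query": "{ pastes { id } }"}'] * 6) + "]",
    "duplication": '{"query": "{ ' + "systemHealth " * 12 + '}"}',
    "benign": '{"query": "query GetPaste($id: Int) { paste(id: $id) { title content } }"}',
}
```

Running `analyse_body` over each entry of `SAMPLES` yields one finding for the first three bodies and none for the benign one; a real deployment would put this logic in front of the resolver (middleware or WAF rule) and log the findings rather than only returning them.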
Contributions are welcome! If you have suggestions for improvements or new features, please open an issue or submit a pull request.
For a vulnerable GraphQL application to test against, check out the Damn Vulnerable GraphQL Application.
This project is licensed under the MIT License.
This tool is intended for educational purposes and ethical hacking only. Use it responsibly and only on systems you have permission to test.