Web Application Analysis

Clairvoyance – Unmasking Hidden GraphQL Schemas

Clairvoyance is a game-changer for GraphQL API developers. This tool gets the GraphQL API schema from sites where introspection is turned off and displays it in a user-friendly JSON format.

Learn how to install it, how to use it in more advanced ways, and how to get help from a dedicated team of contributors. You’ll also find out how to help out and deal with possible problems.

Some GraphQL APIs have disabled introspection. For example, Apollo Server disables introspection automatically if the NODE_ENV environment variable is set to production.

Clairvoyance helps obtain the GraphQL API schema even if introspection is disabled. It produces schema in JSON format suitable for other tools like GraphQL VoyagerInQL or graphql-path-enum.

Contributors

Thanks to the contributors for their work,

Getting Started

pip

pip install clairvoyance
clairvoyance https://rickandmortyapi.com/graphql -o schema.json
# should take about 2 minutes

docker

docker run --rm nikitastupin/clairvoyance --help

Advanced Usage

Which wordlist should I use?

There are at least two approaches:

  • Use general English words (e.g., google-10000-english).
  • Create target-specific wordlist by extracting all valid GraphQL names from application HTTP traffic, from mobile application static files, etc. Regex for GraphQL’s name is [_A-Za-z][_0-9A-Za-z]*.

Environment variables

LOG_FMT=`%(asctime)s \t%(levelname)s\t| %(message)s` # A string format for logging.
LOG_DATEFMT=`%Y-%m-%d %H:%M:%S` # A string format for logging date.
LOG_LEVEL=`INFO` # A string level for logging.

Support

Due to time constraints @nikitastupin won’t be able to answer all the issues for some time but he’ll do his best to review & merge PRs

In the case of questions or issues with clairvoyance, please refer to the wiki or issues. If this doesn’t solve your problem, feel free to open a new issue.

Contributing

Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change. For more information about tests, internal project structure, and so on, refer to the Development Wiki page.

Documentation

You may find more details on how the tool works in the second half of the GraphQL APIs from bug hunter’s perspective by Nikita Stupin talk.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: API SecurityGraphQLIntrospection
2 years ago

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

3 weeks ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

3 weeks ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

3 weeks ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

3 weeks ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

3 weeks ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

3 weeks ago