Clairvoyance is a game-changer for GraphQL API developers. This tool gets the GraphQL API schema from sites where introspection is turned off and displays it in a user-friendly JSON format.
Learn how to install it, how to use it in more advanced ways, and how to get help from a dedicated team of contributors. You’ll also find out how to help out and deal with possible problems.
Some GraphQL APIs have disabled introspection. For example, Apollo Server disables introspection automatically if the NODE_ENV environment variable is set to production.
Clairvoyance helps obtain the GraphQL API schema even if introspection is disabled. It produces the schema in JSON format, suitable for other tools like GraphQL Voyager, InQL or graphql-path-enum.
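To review which entry points a recovered schema exposes on an API you operate, the JSON file can be summarized with a few lines of Python. This is an added example, not part of Clairvoyance; it assumes the file follows the standard GraphQL introspection-result layout (`data.__schema.types`), and the sample schema and the `type_name` and `summarize` helpers are constructed for illustration.

```python
import json

# Constructed sample in the standard introspection-result layout
# (assumption: schema.json uses this layout, as GraphQL Voyager expects).
SAMPLE = json.loads("""
{"data": {"__schema": {
  "queryType": {"name": "Query"}, "mutationType": {"name": "Mutation"},
  "subscriptionType": null,
  "types": [
    {"kind": "OBJECT", "name": "Query", "fields": [
      {"name": "users", "args": [{"name": "limit"}],
       "type": {"kind": "LIST", "name": null,
                "ofType": {"kind": "OBJECT", "name": "User", "ofType": null}}}]},
    {"kind": "OBJECT", "name": "Mutation", "fields": [
      {"name": "deleteUser", "args": [{"name": "id"}],
       "type": {"kind": "SCALAR", "name": "Boolean", "ofType": null}}]},
    {"kind": "OBJECT", "name": "User", "fields": [
      {"name": "email", "args": [], "type": {"kind": "SCALAR", "name": "String"}}]}
  ]}}}
""")

def type_name(ref):
    """Unwrap NON_NULL/LIST wrappers until a named type is reached."""
    while ref and ref.get("name") is None:
        ref = ref.get("ofType")
    return ref["name"] if ref else "?"

def summarize(doc):
    """Return {root type: ["field(args): Type", ...]} for each root operation."""
    schema = doc["data"]["__schema"]
    types = {t["name"]: t for t in schema["types"]}
    report = {}
    for key in ("queryType", "mutationType", "subscriptionType"):
        root = schema.get(key)
        if not root:
            continue  # operation type not present in the recovered schema
        fields = types.get(root["name"], {}).get("fields") or []
        report[root["name"]] = [
            "%s(%s): %s" % (f["name"],
                            ", ".join(a["name"] for a in f.get("args") or []),
                            type_name(f.get("type")))
            for f in fields]
    return report

if __name__ == "__main__":
    # For real output: summarize(json.load(open("schema.json")))
    for root, entries in summarize(SAMPLE).items():
        print(root, entries)
```

Mutations and fields that show up here are discoverable without introspection, so they need their own authorization checks.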
Thanks to the contributors for their work,
pip install clairvoyance
clairvoyance https://rickandmortyapi.com/graphql -o schema.json
# should take about 2 minutes
docker run --rm nikitastupin/clairvoyance --help
There are at least two approaches:
[_A-Za-z][_0-9A-Za-z]*
LOG_FMT=`%(asctime)s \t%(levelname)s\t| %(message)s` # A string format for logging.
LOG_DATEFMT=`%Y-%m-%d %H:%M:%S` # A string format for logging date.
LOG_LEVEL=`INFO` # A string level for logging.
Due to time constraints, @nikitastupin won’t be able to answer all the issues for some time, but he’ll do his best to review & merge PRs.
In the case of questions or issues with clairvoyance, please refer to the wiki or issues. If this doesn’t solve your problem, feel free to open a new issue.
Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change. For more information about tests, internal project structure, and so on, refer to the Development Wiki page.
You may find more details on how the tool works in the second half of Nikita Stupin’s talk “GraphQL APIs from bug hunter’s perspective”.