Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebookâs GraphQL technology, to learn and practice GraphQL Security.
About DVGA
Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a GraphQL application, allowing developers and IT professionals to test for vulnerabilities.
DVGA has numerous flaws, such as Injections, Code Executions, Bypasses, Denial of Service, and more. See the full list under the Scenarios section.
Operation Modes
DVGA supports Beginner and Expert level game modes, which will change the exploitation difficulty.
Scenarios
Prerequisites
The following Python3 libraries are required:
See requirements.txt for dependencies.
Installation
Docker
git clone git@github.com:dolevf/Damn-Vulnerable-GraphQL-Application.git && cd Damn-Vulnerable-GraphQL-Application
Alternatively, pull the image directly from Docker Hub: docker pull dolevf/dvga
docker build -t dvga .
docker run -t -p 5000:5000 -e WEB_HOST=0.0.0.0 dvga
In your browser, navigate to http://localhost:5000
Optionally, if you need the application to bind on a specific port or interface, use the following command: docker run -e WEB_HOST=0.0.0.0 -e WEB_PORT=8080 -t -p 8080:8080 dvga
Server
cd /opt/
git clone git@github.com:dolevf/Damn-Vulnerable-GraphQL-Application.git && cd Damn-Vulnerable-GraphQL-Application
pip3 install -r requirements.txt
python3 app.py
In your browser, navigate to http://localhost:5000.
Screenshots
Disclaimer
DVGA is highly insecure, and as such, should not be deployed on internet facing servers. By default, the application is listening on 127.0.0.1 to avoid misconfigurations. DVGA is intentionally flawed and vulnerable, as such, it comes with no warranties. By using DVGA, you take full responsibility for using it.
Docker is a powerful open-source containerization platform that allows developers to build, test, and deploy…
Docker is one of the most widely used containerization platforms. But there may come a…
Introduction Google Dorking is a technique where advanced search operators are used to uncover information…
Introduction In cybersecurity and IT operations, logging fundamentals form the backbone of monitoring, forensics, and…
What is Networking? Networking brings together devices like computers, servers, routers, and switches so they…
Introduction In the world of Open Source Intelligence (OSINT), anonymity and operational security (OPSEC) are…