Kali Linux

Graphql-Threat-Matrix : GraphQL Threat Framework Used By Security Professionals

graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations.

The differences in how GraphQL implementations interpret and conform to the GraphQL specification may lead to security gaps and unique attack vectors. By analyzing and comparing the factors that drive the security risks across different implementations the GraphQL ecosystem can make safer deployment decisions as well as collectively advance the security maturity of all implementations.

Legend
✅  – Enabled by Default
⚠️  – Disabled by Default
❌  – No Support

ImplementationValidationsField SuggestionsQuery Depth limitQuery Cost AnalysisAutomatic Persisted QueriesIntrospectionDebug ModeBatch Requests
wp-graphql38⚠️⚠️⚠️
graphql-php37⚠️⚠️⚠️⚠️
Apollo34⚠️⚠️
graphql-yoga34⚠️⚠️⚠️⚠️
graphene34⚠️
Ariadne34⚠️⚠️⚠️
Strawberry34⚠️
graphql-ruby28⚠️⚠️
Sangria27⚠️⚠️⚠️
Tartiflette26
graphql-java26⚠️⚠️⚠️
gqlgen25⚠️⚠️⚠️⚠️
Dgraph25⚠️
graphql-go24⚠️
juniper24⚠️
Diana.jl10
gql-dart/gql9
Agoo1⚠️

For Penetration Testers

Use graphw00f to fingerprint a target GraphQL API and determine the backend implementation.

R K

Recent Posts

cp Command: Copy Files and Directories in Linux

The cp command, short for "copy," is the main Linux utility for duplicating files and directories. Whether…

7 days ago

Image OSINT

Introduction In digital investigations, images often hold more information than meets the eye. With the…

7 days ago

cat Command: Read and Combine File Contents in Linux

The cat command short for concatenate, It is a fast and versatile tool for viewing and merging…

7 days ago

Port In Networking

What is a Port? A port in networking acts like a gateway that directs data…

7 days ago

ls Command: List Directory Contents in Linux

The ls command is fundamental for anyone working with Linux. It’s used to display the files and…

1 week ago

pwd Command: Find Your Location in Linux

The pwd (Print Working Directory) command is essential for navigating the Linux filesystem. It instantly shows your…

1 week ago