Kali Linux

Graphw00F : GraphQL fingerprinting tool for GQL endpoints

Graphw00F (inspired by wafw00f) is the GraphQL fingerprinting tool for GQL endpoints, it sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. graphw00f will provide insights into what security defences each technology provides out of the box, and whether they are on or off by default.

Specially crafted queries cause different GraphQL server implementations to respond uniquely to queries, mutations and subscriptions, this makes it trivial to fingerprint the backend engine and distinguish between the various GraphQL implementations. (CWE: CWE-200)

Detections

graphw00f currently attempts to discover the following GraphQL engines:

  • Graphene – Python
  • Ariadne – Python
  • Apollo – TypeScript
  • graphql-go – Go
  • gqlgen – Go
  • WPGraphQL – PHP
  • GraphQL API for WordPress – PHP
  • Ruby – GraphQL
  • graphql-php – PHP
  • Hasura – Haskell
  • HyperGraphQL – Java
  • graphql-java – Java
  • Juniper – Rust
  • Sangria – Scala
  • Flutter – Dart
  • Diana.jl – Julia
  • Strawberry – Python
  • Tartiflette – Python

GraphQL Technologies Defence Matrices

Each fingerprinted technology (e.g. Graphene, Ariadne, …) has an associated document (example for graphene) which covers the security defence mechanisms the specific technology supports to give a better idea how the implementation may be attacked.

Field SuggestionsQuery Depth LimitQuery Cost AnalysisAutomatic Persisted QueriesIntrospectionDebug ModeBatch Requests
On by DefaultNo SupportNo SupportNo SupportEnabled by DefaultN/AOff by Default

Prerequisites

  • python3
  • requests

Installation

Clone Repository

git clone git@github.com:dolevf/graphw00f.git

Run graphw00f

python3 main.py -h

Usage: main.py -h
Options:
-h, –help show this help message and exit
-r, –noredirect Do not follow redirections given by 3xx responses
-t URL, –target=URL target url with the path
-o OUTPUT_FILE, –output-file=OUTPUT_FILE
Output results to a file (CSV)
-l, –list List all GraphQL technologies graphw00f is able to
detect
-v, –version Print out the current version and exit.

Example

python3 main.py -t http://127.0.0.1:5000/graphql
+——————-+
| graphw00f |
+——————-+
*** ***
** ***
** **
+————–+ +————–+
| Node X | | Node Y |
+————–+ +————–+
*** ***
** **
** **
+————+
| Node Z |
+————+
graphw00f – v1.0.0
The fingerprinting tool for GraphQL
[] Checking if GraphQL is available at https://demo.hypergraphql.org:8484/graphql… [] Found GraphQL…
[] Attempting to fingerprint… [] Discovered GraphQL Engine: (HyperGraphQL)
[!] Attack Surface Matrix: https://github.com/dolevf/graphw00f/blob/main/docs/hypergraphql.md
[!] Technologies: Java
[!] Homepage: https://www.hypergraphql.org
[*] Completed.

Download

R K

Leave a Comment
Share
Published by
R K
Tags: fingerprinting toolGQL endpointsGraphQLGraphw00F
3 years ago

Recent Posts

Kali Linux 2024.4 Released, What’s New?

Kali Linux 2024.4, the final release of 2024, brings a wide range of updates and…

13 hours ago

Lifetime-Amsi-EtwPatch : Disabling PowerShell’s AMSI And ETW Protections

This Go program applies a lifetime patch to PowerShell to disable ETW (Event Tracing for…

13 hours ago

GPOHunter – Active Directory Group Policy Security Analyzer

GPOHunter is a comprehensive tool designed to analyze and identify security misconfigurations in Active Directory…

3 days ago

2024 MITRE ATT&CK Evaluation Results – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders…

5 days ago

SecHub : Streamlining Security Across Software Development Lifecycles

The free and open-source security platform SecHub, provides a central API to test software with…

1 week ago

Hawker : The Comprehensive OSINT Toolkit For Cybersecurity Professionals

Don't worry if there are any bugs in the tool, we will try to fix…

1 week ago