Clairvoyance is a game-changer for GraphQL API developers. This tool gets the GraphQL API schema from sites where introspection is…
Graphicator is a GraphQL "scraper" / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint,…
Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. Version 1.2 is out. NEW: Can search…
graphql-threat-matrix was built for bug bounty hunters, security researchers and hackers to assist with uncovering vulnerabilities across multiple GraphQL implementations. The…
BatchQL is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. This script is…
Graphw00F (inspired by wafw00f) is the GraphQL fingerprinting tool for GQL endpoints. It sends a mix of benign and malformed queries…
GraphQLmap is a scripting engine to interact with a GraphQL endpoint for pentesting purposes. Install: $ git clone https://github.com/swisskyrepo/GraphQLmap $ python…
Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. About…
InQL is a security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone…
A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or…