graphicator: GraphQL enumeration and extraction tool

GraphQL enumeration

Graphicator

Graphicator is a GraphQL “scraper” / extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint and restructures the schema into an internal form so that it can re-create the supported queries. Once these queries are created, they are sent to the endpoint and each returned response is saved to a file.

Erroneous responses are not saved. By default the tool caches both the correct responses and the errors, so when it is re-run it does not send the same queries again.

Use it wisely and only for targets you have permission to interact with.

We hope the tool will automate your own tests as a penetration tester and give a push even to those who don’t do GraphQL testing.

Installation

Install on your system

python3 -m pip install -r requirements.txt

Using a container instead

docker run --rm -it -p8005:80 cybervelia/graphicator --target http://the-target:port/graphql --verbose

When the task is done, the tool zips the results and serves the zip file through a web server on port 8005. To kill the container, press CTRL+C. When the container is stopped, the data is deleted too. You may also change the host port according to your needs.

Use

Output Structure

Three folders are created:

  • reqcache: The response of each valid query is stored in JSON format
  • reqcache-intro: All introspection queries are stored in a separate file in this directory
  • reqcache-queries: All queries are stored in a separate file in this directory. The filename of each query will match the corresponding filename in the reqcache directory that holds the query’s response.

The filename is a hash that takes into account the query and the URL.
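The following is an added sketch, not Graphicator's own code, of the approach described in the introduction and in this section: walk an introspection result, rebuild the argument-free queries with a depth limit, and derive a cache filename from the URL and the query. It is handy for reviewing what your own schema exposes through introspection. The sample schema, the function names, the depth limit and the choice of SHA-256 are assumptions; the page only says the filename is a hash of the query and the URL.

```python
import hashlib

def ref(kind, name=None, of=None):
    """Build a type reference in the shape introspection returns."""
    return {"kind": kind, "name": name, "ofType": of}

def field(name, type_ref):
    return {"name": name, "args": [], "type": type_ref}

USER = ref("OBJECT", "User")
# Constructed introspection fragment: only the keys this sketch reads.
SCHEMA = {"queryType": {"name": "Query"}, "types": [
    {"kind": "OBJECT", "name": "Query", "fields": [
        field("users", ref("LIST", of=USER)),
        field("version", ref("SCALAR", "String"))]},
    {"kind": "OBJECT", "name": "User", "fields": [
        field("id", ref("NON_NULL", of=ref("SCALAR", "ID"))),
        field("email", ref("SCALAR", "String")),
        field("friends", ref("LIST", of=USER))]},  # self-reference
]}

def selection(types, type_ref, depth):
    """Return '' for leaf types, ' { ... }' for objects, None if unselectable."""
    t = type_ref
    while t.get("ofType"):  # unwrap NON_NULL / LIST wrappers
        t = t["ofType"]
    if t["kind"] in ("SCALAR", "ENUM"):
        return ""
    if depth == 0 or t["kind"] != "OBJECT":
        return None  # depth limit stops cycles such as User.friends
    parts = []
    for f in types[t["name"]]["fields"]:
        # Simplification: fields that take arguments are skipped.
        sub = None if f["args"] else selection(types, f["type"], depth - 1)
        if sub is not None:
            parts.append(f["name"] + sub)
    return " { " + " ".join(parts) + " }" if parts else None

def build_queries(schema, max_depth=2):
    """Map each root query field to a query string built from the schema."""
    types = {t["name"]: t for t in schema["types"]}
    queries = {}
    for f in types[schema["queryType"]["name"]]["fields"]:
        sub = None if f["args"] else selection(types, f["type"], max_depth)
        if sub is not None:
            queries[f["name"]] = "query { " + f["name"] + sub + " }"
    return queries

def cache_name(url, query):
    # Assumption: SHA-256 over URL and query text; the real scheme may differ.
    return hashlib.sha256((url + "\n" + query).encode()).hexdigest()
```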

Tutorial

Copyright (c) 2023 cybervelia