GraphQLmap: scripting engine to interact with a graphql endpoint for pentesting purposes
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes.
Features and examples
⚠️ Examples are based on several CTF challenges from HIP2019.
Dump a GraphQL schema
Use dump to dump the GraphQL schema, this function will automatically populate the “autocomplete” with the found fields.
Interact with a GraphQL endpoint
Write a GraphQL request and execute it.
GraphQL field fuzzing
Use GRAPHQL_INCREMENT and GRAPHQL_CHARSET to fuzz a parameter.
Use BLIND_PLACEHOLDER inside the query for the nosqli function.
git clone https://github.com/swisskyrepo/GraphQLmap.git
Copyright (c) 2019 Swissky