
GraphQL Cop

GraphQL Cop is a Python utility for running security tests against GraphQL APIs, ideal for CI/CD checks and vulnerability reproduction.

Introduction

GraphQL Cop is a security auditor utility designed for GraphQL APIs. Written in Python, it's lightweight and focuses on identifying common GraphQL security vulnerabilities. It's particularly useful for integrating into CI/CD pipelines to ensure ongoing security.

Key features include:

  • Vulnerability Detection: Identifies alias overloading, batch queries, CSRF vulnerabilities, information leaks via tracing/debug modes, field duplication, and more.
  • Reproducible Findings: Provides cURL commands to reproduce identified vulnerabilities, aiding in verification and remediation.
  • CI/CD Integration: Ideal for automated security checks in continuous integration and continuous deployment environments.
  • Customizable Usage: Supports custom headers, proxies (including Tor), and wordlists for tailored scans.
  • Docker Support: Easy deployment and execution via Docker.

GraphQL Cop targets security engineers, developers, and QA teams looking to automate and enhance the security posture of their GraphQL APIs.
