GraphQL Cop is a security auditor utility designed for GraphQL APIs. Written in Python, it's lightweight and focuses on identifying common GraphQL security vulnerabilities. It's particularly useful for integrating into CI/CD pipelines to ensure ongoing security.
Key features include:
- Vulnerability Detection: Identifies alias overloading, batch queries, CSRF vulnerabilities, information leaks via tracing/debug modes, field duplication, and more.
- Reproducible Findings: Provides cURL commands to reproduce identified vulnerabilities, aiding in verification and remediation.
- CI/CD Integration: Ideal for automated security checks in continuous integration and continuous deployment environments.
- Customizable Usage: Supports custom headers, proxies (including Tor), and wordlists for tailored scans.
- Docker Support: Easy deployment and execution via Docker.
GraphQL Cop is aimed at security engineers, developers, and QA teams looking to automate and enhance the security posture of their GraphQL APIs.
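The classes of finding listed above (alias overloading, batch queries, field duplication) are request-shape abuses that a server can also refuse before it resolves anything. The following is an added example, not GraphQL Cop's own code or part of its project: a small request-side guard that parses a raw HTTP body, counts batched operations, alias declarations and repeated fields, and reports which configured limits a request exceeds. The tokenizer, the `Limits` defaults and the sample request bodies are all constructed here for illustration; it is not a full GraphQL parser, only enough of one to count the patterns the scanner probes for.

```python
"""Request-side guard for the GraphQL abuse patterns GraphQL Cop probes for.

Added example (not part of GraphQL Cop): inspects a raw request body, counts
batched operations, aliases and repeated fields, and reports exceeded limits.
"""
import json
import re
from collections import Counter
from dataclasses import dataclass

# Tokens we care about; numbers, '!', '[', ']', '$' etc. are simply dropped.
TOKEN_RE = re.compile(r'\{|\}|:|\.\.\.|@?[A-Za-z_][A-Za-z0-9_]*')
IDENT_RE = re.compile(r'[A-Za-z_][A-Za-z0-9_]*$')
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')
COMMENT_RE = re.compile(r'#[^\n]*')
PAREN_RE = re.compile(r'\([^()]*\)')


@dataclass
class QueryStats:
    batch_size: int           # operations in the body (1 unless batched)
    aliases: int              # alias declarations across all operations
    max_duplicate_field: int  # most repetitions of one field in one selection set


@dataclass
class Limits:                 # constructed defaults; tune per API
    max_batch_size: int = 10
    max_aliases: int = 15
    max_duplicate_fields: int = 3


def _strip_noise(query: str) -> str:
    """Drop string literals, comments and argument lists so that the only
    remaining ':' tokens are alias separators."""
    query = STRING_RE.sub('""', query)
    query = COMMENT_RE.sub('', query)
    while True:  # peel argument lists innermost-first (nested input objects)
        stripped = PAREN_RE.sub('', query)
        if stripped == query:
            return query
        query = stripped


def analyze_query(query: str) -> tuple[int, int]:
    """Return (alias_count, max_duplicate_field) for one GraphQL document."""
    tokens = TOKEN_RE.findall(_strip_noise(query))
    selection_stack: list[int] = []   # ids of the selection sets we are inside
    next_set_id = 0
    aliases = 0
    field_counts: Counter = Counter()  # (selection set id, field) -> repetitions
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == '{':
            next_set_id += 1
            selection_stack.append(next_set_id)
        elif tok == '}':
            if selection_stack:
                selection_stack.pop()
        elif tok == '...':
            # Fragment spread: "...Name" or "... on Type"; the name is not a field.
            i += 1
            if i < len(tokens) and tokens[i] == 'on':
                i += 1
        elif selection_stack and IDENT_RE.match(tok):
            if i + 2 < len(tokens) and tokens[i + 1] == ':' and IDENT_RE.match(tokens[i + 2]):
                aliases += 1              # "alias: field" form
                field = tokens[i + 2]
                i += 2
            else:
                field = tok
            field_counts[(selection_stack[-1], field)] += 1
        i += 1
    return aliases, max(field_counts.values(), default=0)


def analyze_request_body(body: str) -> QueryStats:
    """Parse a raw JSON request body (single operation or batch array)."""
    payload = json.loads(body)
    operations = payload if isinstance(payload, list) else [payload]
    total_aliases, worst_dup = 0, 0
    for op in operations:
        query = op.get('query', '') if isinstance(op, dict) else ''
        aliases, dup = analyze_query(query if isinstance(query, str) else '')
        total_aliases += aliases
        worst_dup = max(worst_dup, dup)
    return QueryStats(len(operations), total_aliases, worst_dup)


def check_request(body: str, limits: Limits = Limits()) -> list[str]:
    """Return limit violations; an empty list means the request passes."""
    s = analyze_request_body(body)
    violations = []
    if s.batch_size > limits.max_batch_size:
        violations.append(f'batch of {s.batch_size} operations exceeds {limits.max_batch_size}')
    if s.aliases > limits.max_aliases:
        violations.append(f'{s.aliases} aliases exceed {limits.max_aliases}')
    if s.max_duplicate_field > limits.max_duplicate_fields:
        violations.append(f'a field repeats {s.max_duplicate_field} times (limit {limits.max_duplicate_fields})')
    return violations


# Constructed sample bodies (not captured traffic), one per abuse pattern.
BENIGN_BODY = json.dumps({'query': 'query Me { viewer { id name } }'})
ALIAS_OVERLOAD_BODY = json.dumps({'query': 'query Q { ' + ' '.join(
    f'a{i}: product(id: {i}) {{ price }}' for i in range(50)) + ' }'})
BATCH_BODY = json.dumps([{'query': '{ __typename }'} for _ in range(20)])
DUPLICATE_FIELD_BODY = json.dumps({'query': '{ ' + ' '.join(['__typename'] * 5) + ' }'})

if __name__ == '__main__':
    for name, body in [('benign', BENIGN_BODY), ('alias overloading', ALIAS_OVERLOAD_BODY),
                       ('batching', BATCH_BODY), ('field duplication', DUPLICATE_FIELD_BODY)]:
        print(f'{name}: {analyze_request_body(body)} -> {check_request(body) or "ok"}')
```

Dropping argument lists before tokenizing is what lets the guard tell an alias (`a0: product`) apart from an argument (`id: 0`) without a grammar; keying duplicate counts on a per-selection-set id rather than on nesting depth is what keeps sibling objects with the same field names from being mistaken for repetition. A guard like this complements a scanner: the scanner shows which patterns the API currently accepts, the guard is one way to stop accepting them.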