GraphQL Cop

GraphQL Cop is a security auditor utility designed for GraphQL APIs. Written in Python, it's lightweight and focuses on identifying common GraphQL security vulnerabilities. It's particularly useful for integrating into CI/CD pipelines to ensure ongoing security.

Key features include:

• Vulnerability Detection: Identifies alias overloading, batch queries, CSRF vulnerabilities, information leaks via tracing/debug modes, field duplication, and more.
• Reproducible Findings: Provides cURL commands to reproduce identified vulnerabilities, aiding in verification and remediation.
• CI/CD Integration: Ideal for automated security checks in continuous integration and continuous deployment environments.
• Customizable Usage: Supports custom headers, proxies (including Tor), and wordlists for tailored scans.
• Docker Support: Easy deployment and execution via Docker.

GraphQL Cop targets security engineers, developers, and QA teams looking to automate and enhance the security posture of their GraphQL APIs.