GraphQLmap

GraphQLmap

GraphQLmap is a scripting engine designed for penetration testing GraphQL endpoints. It automates interaction, schema dumping, and fuzzing to uncover vulnerabilities.

Key features:

• Schema Dumping: Automatically extracts GraphQL schema for analysis.
• Query Execution: Enables direct interaction with GraphQL endpoints using custom queries.
• Field Fuzzing: Supports bruteforcing and iterating over GraphQL parameters to identify potential weaknesses.
• Injection Testing: Facilitates NoSQL and SQL injection attempts within GraphQL fields.
• Batching: Supports GraphQL batching to send multiple queries in a single request.

Use cases:

• Security audits of GraphQL APIs.
• Bug bounty hunting on platforms using GraphQL.
• Penetration testing engagements targeting GraphQL implementations.