GraphQLmap
GraphQLmap is a scripting engine designed for penetration testing GraphQL endpoints. It automates interaction, schema dumping, and fuzzing to uncover vulnerabilities.
Key features:
- Schema Dumping: Automatically extracts the GraphQL schema for analysis.
- Query Execution: Enables direct interaction with GraphQL endpoints using custom queries.
- Field Fuzzing: Supports brute-forcing and iterating over GraphQL parameters to identify potential weaknesses.
- Injection Testing: Facilitates NoSQL and SQL injection attempts within GraphQL fields.
- Batching: Supports GraphQL batching to send multiple queries in a single request.
Use cases:
- Security audits of GraphQL APIs.
- Bug bounty hunting on platforms using GraphQL.
- Penetration testing engagements targeting GraphQL implementations.