graphw00f is a GraphQL fingerprinting tool designed for security professionals. It identifies GraphQL server engines by sending benign and malformed queries, analyzing unique responses to distinguish implementations. Key features include:
- Engine Detection: Identifies various GraphQL engines like Graphene, Apollo, and WPGraphQL.
- Threat Matrix Integration: Uses the GraphQL Threat Matrix to provide insights into security features and CVEs.
- Customizable Headers: Supports custom headers and cookies for specific endpoints.
- Detection & Fingerprinting Modes: Detects GraphQL endpoints and fingerprints the engine in one go.
Use cases include:
- Identifying the technology stack behind a GraphQL endpoint.
- Assessing the security posture of GraphQL implementations.
- Guiding security engineers in understanding potential vulnerabilities.
