HackDB

Sign In

Tag

Listing

Pages

Company

graphw00f

Graphw00f is a GraphQL server engine fingerprinting tool. It identifies backend technologies and security defenses by analyzing unique endpoint responses.

Visit Website Share on X

Visit Website

Introduction

graphw00f is a GraphQL fingerprinting tool designed for security professionals. It identifies GraphQL server engines by sending benign and malformed queries, analyzing unique responses to distinguish implementations. Key features include:

Engine Detection: Identifies various GraphQL engines like Graphene, Apollo, and WPGraphQL.
Threat Matrix Integration: Uses the GraphQL Threat Matrix to provide insights into security features and CVEs.
Customizable Headers: Supports custom headers and cookies for specific endpoints.
Detection & Fingerprinting Modes: Detects GraphQL endpoints and fingerprints the engine in one go.

Use cases include:

Identifying the technology stack behind a GraphQL endpoint.
Assessing the security posture of GraphQL implementations.
Guiding security engineers in understanding potential vulnerabilities.

Back

Information

Publisher
Admin
Websitegithub.com
Created date04/11/2025
Published date04/11/2025

More Resources

Application SecurityAPI Security

Visit Website

Titus

Details

Titus is a high-performance secrets scanner that detects and validates leaked credentials in code, binaries, and HTTP traffic for offensive engagements.

Static Analysis API Web Mobile External

Application SecurityAPI Security

Visit Website

Webhook.site

Details

Webhook.site allows red teams to capture and inspect HTTP requests in real-time. It is essential for testing blind OOB vulnerabilities and exfiltration.

Web API Cloud