graphw00f

GraphQL Server Engine Fingerprinting utility for software security professionals.

image of graphw00f

Introduction

graphw00f is a GraphQL fingerprinting tool designed for security professionals. It identifies GraphQL server engines by sending benign and malformed queries, analyzing unique responses to distinguish implementations. Key features include:

Engine Detection: Identifies various GraphQL engines like Graphene, Apollo, and WPGraphQL.
Threat Matrix Integration: Uses the GraphQL Threat Matrix to provide insights into security features and CVEs.
Customizable Headers: Supports custom headers and cookies for specific endpoints.
Detection & Fingerprinting Modes: Detects GraphQL endpoints and fingerprints the engine in one go.

Use cases include:

Identifying the technology stack behind a GraphQL endpoint.
Assessing the security posture of GraphQL implementations.
Guiding security engineers in understanding potential vulnerabilities.

Information

Publisher
Admin
Websitegithub.com
Published date2025/04/11

Categories

API Security

Tags

API

More Products

image of Prism

API Security

Prism

Prism is an open-source HTTP mock and proxy server that accelerates API development with realistic mock servers powered by OpenAPI documents.

image of RESTler

API SecurityCloud Security

RESTler

RESTler is a stateful REST API fuzzing tool for automatically testing cloud services and finding security and reliability bugs.

image of WuppieFuzz

API Security

WuppieFuzz

WuppieFuzz: coverage-guided REST API fuzzer using LibAFL, easy-to-use, explainable flaws, modular, supports black/grey/white box testing.