← All tools

graphw00f

https://github.com/dolevf/graphw00f

Open Source

Categories

Reconnaissance Scanning & Enumeration Web Application

Description

graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.

Keywords

enumeration fingerprinting graphql information-gathering penetration-testing security python

Screenshots

Example Usage

Usage: main.py -d -f -t http://example.com

Options:
  -h, --help            show this help message and exit
  -r, --noredirect      Do not follow redirections given by 3xx responses
  -t URL, --target=URL  target url with the path
  -f, --fingerprint     fingerprint mode
  -d, --detect          detect mode
  -p PROXY, --proxy=PROXY
                        HTTP(S) proxy URL in the form
                        http://user:pass@host:port
  -T TIMEOUT, --timeout=TIMEOUT
                        Request timeout in seconds
  -o OUTPUT_FILE, --output-file=OUTPUT_FILE
                        Output results to a file (CSV)
  -l, --list            List all GraphQL technologies graphw00f is able to
                        detect
  -u USERAGENT, --user-agent=USERAGENT
                        Custom user-agent to use (overrides the one from
                        headers configuration)
  -H HEADER, --header=HEADER
                        Custom headers to send (e.g. "Authorization: Bearer
                        ey...").
  -w WORDLIST, --wordlist=WORDLIST
                        Path to a list of custom GraphQL endpoints
  -v, --version         Print out the current version and exit.