Escape-Technologies / awesome-graphql-security
A curated list of awesome GraphQL Security frameworks, libraries, software and resources
☆317, updated last year
Alternatives and similar repositories for awesome-graphql-security:
Users that are interested in awesome-graphql-security are comparing it to the libraries listed below
- Security Auditor Utility for GraphQL APIs (☆420, updated 2 weeks ago)
- GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations (☆301, updated last year)
- Blazing fast GraphQL discovery & fingerprinting toolbox. (☆106, updated last year)
- 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️ (☆207, updated last year)
- graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology… (☆600, updated 2 months ago)
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas. (☆349, updated last year)
- GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations (☆375, updated 2 years ago)
- 🔒 A free, open-source platform dedicated to understanding and securing GraphQL applications, all directly in your browser! (☆53, updated 3 months ago)
- A Broken Application - Very Vulnerable! (☆140, updated this week)
- CrackQL is a GraphQL password brute-force and fuzzing utility. (☆322, updated 6 months ago)
- GraphQL automated security testing toolkit (☆311, updated 11 months ago)
- Burp Suite extension that offers a toolkit for testing GraphQL endpoints. (☆189, updated 6 months ago)
- Obtain GraphQL API schema even if the introspection is disabled (☆1,111, updated 4 months ago)
- Websec interview questions by tib3rius answered (☆306, updated last year)
- openrisk is a tool that generates a risk score based on the results of a Nuclei scan. (☆167, updated last week)
- A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. Use c{api}tal to learn, train and exploit API Sec… (☆283, updated 10 months ago)
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. (☆581, updated 3 months ago)
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable … (☆622, updated last year)
- Research on GraphQL from an AppSec point of view. (☆412, updated last year)
- 🛡️ The missing GraphQL security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️ (☆511, updated this week)
- Attack surface detector that identifies endpoints by static analysis (☆650, updated last week)
- Find authentication (authn) and authorization (authz) security bugs in web application routes. (☆256, updated 7 months ago)
- InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable… (☆1,586, updated 7 months ago)
- 🚀 Join us for 30 days of daily API security tests. #30days30tests We've spent the last 120 days building amazing API security tests for the c… (☆209, updated last year)
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… (☆156, updated 3 months ago)
- The OWASP DevSecOps Guideline explains how we can implement a secure pipeline and use best practices and introduce tools that we can use … (☆62, updated 8 months ago)
- A tool to scrape the AWS ranges looking for a keyword in SSL certificate data. (☆229, updated last year)
- Awesome information for WebSockets security research (☆259, updated 3 years ago)
- Tool to detect and monitor GitHub org users' public repositories for secrets and sensitive files (☆216, updated last month)
- A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way t… (☆229, updated 3 years ago)