nicholasaleks / graphql-threat-matrix
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
☆273 · Updated 9 months ago
Related projects:
- graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology… ☆540 · Updated last week
- Security Auditor Utility for GraphQL APIs ☆346 · Updated last week
- CrackQL is a GraphQL password brute-force and fuzzing utility. ☆308 · Updated last month
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas. ☆318 · Updated 11 months ago
- GraphQL automated security testing toolkit ☆296 · Updated 6 months ago
- GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations ☆361 · Updated last year
- Burp Suite extension that offers a toolkit for testing GraphQL endpoints. ☆182 · Updated last month
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable … ☆523 · Updated 9 months ago
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. ☆467 · Updated this week
- gRPC-Web Pentesting Suite + Burp Suite Extension ☆159 · Updated 2 months ago
- Find authentication (authn) and authorization (authz) security bugs in web application routes. ☆250 · Updated 2 months ago
- A curated list of awesome GraphQL Security frameworks, libraries, software and resources ☆294 · Updated 7 months ago
- GQLSpection - parses GraphQL introspection schema and generates possible queries ☆67 · Updated 2 months ago
- Blazing fast GraphQL discovery & fingerprinting toolbox. ☆97 · Updated 9 months ago
- Awesome information for WebSockets security research ☆244 · Updated 2 years ago
- Unofficial documentation for the great tool Param Miner ☆169 · Updated 2 years ago
- Bambdas collection for Burp Suite Professional and Community. ☆192 · Updated last month
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… ☆151 · Updated 3 weeks ago
- Automated learning of regexes for DNS discovery ☆350 · Updated last year
- Misconfig Mapper is a fast tool to help you uncover security misconfigurations on popular third-party services used by your company and/o… ☆333 · Updated last week
- A Firefox Web Extension to improve the discovery of DOM XSS. ☆249 · Updated 11 months ago
- Obtain GraphQL API schema even if the introspection is disabled ☆1,005 · Updated last week
- Fast and customizable vulnerability scanner For JIRA written in Python ☆318 · Updated 7 months ago
- The Bug Bounty Reconnaissance Framework (BBRF) can help you coordinate your reconnaissance workflows across multiple devices ☆287 · Updated last year
- Vulnerability Scan with Nuclei ☆238 · Updated last month
- EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎 ☆123 · Updated 2 weeks ago