nicholasaleks/graphql-threat-matrix external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

nicholasaleks/graphql-threat-matrix

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/nicholasaleks/graphql-threat-matrix)

Close

nicholasaleks / graphql-threat-matrixView on GitHubMore

• External links
• Readme badge

GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations

☆349Jul 1, 2025Updated 8 months ago

Alternatives and similar repositories for graphql-threat-matrix

Users that are interested in graphql-threat-matrix are comparing it to the libraries listed below

• dolevf / graphw00f

  View on GitHub
  graphw00f is GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology…
  ☆814Jun 9, 2025Updated 9 months ago
• nicholasaleks / CrackQL

  View on GitHub
  CrackQL is a GraphQL password brute-force and fuzzing utility.
  ☆345Aug 3, 2024Updated last year
• dolevf / graphql-cop

  View on GitHub
  Security Auditor Utility for GraphQL APIs
  ☆605Nov 20, 2025Updated 3 months ago
• nikitastupin / clairvoyance

  View on GitHub
  Obtain GraphQL API schema even if the introspection is disabled
  ☆1,399Dec 5, 2025Updated 3 months ago
• dolevf / Black-Hat-GraphQL

  View on GitHub
  The Black Hat GraphQL Book Repository
  ☆281Jul 19, 2025Updated 7 months ago
• dolevf / Damn-Vulnerable-GraphQL-Application

  View on GitHub
  Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practis…
  ☆1,677May 24, 2025Updated 9 months ago
• assetnote / batchql

  View on GitHub
  GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations
  ☆409Dec 24, 2022Updated 3 years ago
• Escape-Technologies / graphql-wordlist

  View on GitHub
  The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas.
  ☆457Oct 3, 2023Updated 2 years ago
• swisskyrepo / GraphQLmap

  View on GitHub
  GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
  ☆1,631Mar 11, 2024Updated last year
• gsmith257-cyber / GraphCrawler

  View on GitHub
  GraphQL automated security testing toolkit
  ☆333Feb 20, 2024Updated 2 years ago
• doyensec / inql

  View on GitHub
  InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable…
  ☆1,737Feb 16, 2026Updated 3 weeks ago
• forcesunseen / graphquail

  View on GitHub
  Burp Suite extension that offers a toolkit for testing GraphQL endpoints.
  ☆203Aug 5, 2024Updated last year
• doyensec / GQLSpection

  View on GitHub
  GQLSpection - parses GraphQL introspection schema and generates possible queries
  ☆99Mar 6, 2025Updated last year
• dolevf / nmap-graphql-introspection-nse

  View on GitHub
  NSE Script for GraphQL Introspection Check
  ☆24Jan 9, 2022Updated 4 years ago
• assetnote / surf

  View on GitHub
  Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable …
  ☆753Dec 19, 2023Updated 2 years ago
• assetnote / kiterunner

  View on GitHub
  Contextual Content Discovery Tool
  ☆3,106Apr 29, 2024Updated last year
• BuffaloWill / burpsuite-project-file-parser

  View on GitHub
  A Burp Suite Extension for parsing Project Files from the CLI.
  ☆91Jan 16, 2026Updated last month
• bitquark / shortscan

  View on GitHub
  An IIS short filename enumeration tool
  ☆1,127Nov 25, 2024Updated last year
• hakluke / hakoriginfinder

  View on GitHub
  Tool for discovering the origin host behind a reverse proxy. Useful for bypassing cloud WAFs!
  ☆985Jan 12, 2024Updated 2 years ago
• ivision-research / vulnerable-graphql-api

  View on GitHub
  A very vulnerable implementation of a GraphQL API.
  ☆61Nov 12, 2021Updated 4 years ago
• Escape-Technologies / graphinder

  View on GitHub
  🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
  ☆227May 22, 2023Updated 2 years ago
• cybervelia / graphicator

  View on GitHub
  A GraphQL enumeration and extraction tool
  ☆133Jan 29, 2023Updated 3 years ago
• bnematzadeh / LoggerPlusPlus-API-Filters

  View on GitHub
  A comprehensive list of custom filters for Logger++ to identify various vulnerabilities in different API styles
  ☆236Oct 15, 2024Updated last year
• BishopFox / jsluice

  View on GitHub
  Extract URLs, paths, secrets, and other interesting bits from JavaScript
  ☆1,773May 22, 2024Updated last year
• 0xacb / recollapse

  View on GitHub
  REcollapse is a helper tool for black-box regex fuzzing to bypass validations and discover normalizations in web applications
  ☆1,293Aug 7, 2025Updated 7 months ago
• xnl-h4ck3r / xnLinkFinder

  View on GitHub
  A python tool used to discover endpoints, potential parameters, a target specific wordlist for a given target and secrets
  ☆1,530Updated this week
• devploit / debugHunter

  View on GitHub
  Discover hidden debugging parameters and uncover web application secrets
  ☆246Feb 4, 2026Updated last month
• Brum3ns / firefly

  View on GitHub
  Black box fuzzer for web applications
  ☆436Jul 20, 2025Updated 7 months ago
• PalindromeLabs / STEWS

  View on GitHub
  A Security Tool for Enumerating WebSockets
  ☆366Jan 10, 2022Updated 4 years ago
• hahwul / RegexPassive

  View on GitHub
  🔭 Collection of regexp pattern for security passive scanning
  ☆116Feb 18, 2023Updated 3 years ago
• optionalCTF / SSOh-No

  View on GitHub
  User enumeration and password spraying tool for testing Azure AD
  ☆71Mar 3, 2022Updated 4 years ago
• Sh1Yo / x8

  View on GitHub
  Hidden parameters discovery suite
  ☆2,028Sep 8, 2024Updated last year
• gwen001 / graphql-introspection-analyzer

  View on GitHub
  Graphql introspection query analyzer.
  ☆18Mar 28, 2023Updated 2 years ago
• trufflesecurity / of-CORS

  View on GitHub
  ☆154Aug 18, 2023Updated 2 years ago
• ticarpi / jwt_tool

  View on GitHub
  A toolkit for testing, tweaking and cracking JSON Web Tokens
  ☆6,402May 1, 2025Updated 10 months ago
• g0ldencybersec / gungnir

  View on GitHub
  CT Log Scanner
  ☆516Dec 26, 2025Updated 2 months ago
• dipa96 / semgrep-rules

  View on GitHub
  Collection of rules for Static Application Security Testing (SAST) with Semgrep
  ☆12Apr 16, 2025Updated 10 months ago
• streaak / keyhacks

  View on GitHub
  Keyhacks is a repository which shows quick ways in which API keys leaked by a bug bounty program can be checked to see if they're valid.
  ☆6,089Aug 14, 2024Updated last year
• david3107 / graphql-security-labs

  View on GitHub
  GraphQL security workshop labs
  ☆117Jan 31, 2026Updated last month