nicholasaleks / graphql-threat-matrix
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations
☆306 Updated last year
Alternatives and similar repositories for graphql-threat-matrix:
Users that are interested in graphql-threat-matrix are comparing it to the libraries listed below
- graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology… ☆624 Updated last week
- Security Auditor Utility for GraphQL APIs ☆450 Updated 2 months ago
- The only GraphQL wordlist you'll ever need. Operations, field names, type names... Collected on more than 60k distinct GraphQL schemas. ☆358 Updated last year
- CrackQL is a GraphQL password brute-force and fuzzing utility. ☆328 Updated 8 months ago
- GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations ☆385 Updated 2 years ago
- Burp Suite extension that offers a toolkit for testing GraphQL endpoints. ☆191 Updated 8 months ago
- GraphQL automated security testing toolkit ☆315 Updated last year
- Escalate your SSRF vulnerabilities on Modern Cloud Environments. `surf` allows you to filter a list of hosts, returning a list of viable … ☆632 Updated last year
- A tool for auditing endpoints defined in exposed (Swagger/OpenAPI) definition files. ☆627 Updated last week
- EvenBetter is a frontend Caido plugin that makes the Caido experience even better 😎 ☆142 Updated last month
- Awesome information for WebSockets security research ☆267 Updated 3 years ago
- PP-finder helps you find gadgets for prototype pollution exploitation ☆157 Updated 8 months ago
- GQLSpection - parses GraphQL introspection schema and generates possible queries ☆84 Updated last month
- 🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️ ☆215 Updated last year
- Find authentication (authn) and authorization (authz) security bugs in web application routes. ☆261 Updated last month
- CT Log Scanner ☆349 Updated 3 weeks ago
- Prototype pollution scanner using headless Chrome ☆218 Updated 2 years ago
- Bambdas collection for Burp Suite Professional and Community. ☆273 Updated last week
- Automated learning of regexes for DNS discovery ☆364 Updated 2 years ago
- Unsecure time-based secret exploitation and Sandwich attack implementation Resources ☆134 Updated 4 months ago
- A curated list of awesome GraphQL Security frameworks, libraries, software and resources ☆328 Updated last year
- Burp extension to create target-specific and tailored wordlists from Burp history. ☆237 Updated 3 years ago
- A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way t… ☆231 Updated 3 years ago
- FlowMate, a BurpSuite extension that brings taint analysis to web applications, by tracking all parameters sent to a target application a… ☆157 Updated 5 months ago
- A Firefox Web Extension to improve the discovery of DOM XSS. ☆272 Updated 5 months ago
- The Distributed Scanning Framework for Everybody! Control Your Infrastructure, Scale Your Scanning, On Your Terms. Easily distribute arbit… ☆455 Updated this week