The Tool Box | graphw00f
Pentester Academy TV

 Published On Oct 14, 2021

graphw00f (inspired by wafw00f) is a GraphQL fingerprinting tool for GQL endpoints, which sends a mix of benign and malformed queries to determine the GraphQL engine running behind the scenes. graphw00f provides insights into what security defenses each technology provides out of the box, and whether they are on or off by default.

Specially crafted queries cause different GraphQL server implementations to respond uniquely to queries, mutations and subscriptions, which makes it trivial to fingerprint the backend engine and distinguish between the various GraphQL implementations. (CWE: CWE-200)
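
On the defensive side, the error body is one of the signals that differs between engines. The sketch below is an added example, not code from graphw00f or the video: it rewrites GraphQL error responses into one uniform shape at a proxy or middleware layer and returns the original errors for server-side logging. The function name, the generic message and both sample responses are constructed for illustration.

```python
import json

GENERIC_MESSAGE = "Request could not be processed"  # assumed wording

# Constructed samples: two made-up engines rejecting the same malformed query.
SAMPLE_A = ('{"errors": [{"message": "Syntax Error: unexpected name", '
            '"locations": [{"line": 1, "column": 1}]}]}')
SAMPLE_B = ('{"errors": [{"message": "parse failure at 1:1", '
            '"extensions": {"code": "PARSE_FAILED"}}], "data": null}')


def mask_graphql_errors(body):
    """Return (client_body, original_errors) for a GraphQL response body.

    Every error collapses into one generic object; `extensions`, `locations`
    and non-standard top-level keys are dropped because their presence and
    wording vary by engine. The originals are returned for internal logging.
    """
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        doc = None
    if not isinstance(doc, dict):
        # Non-JSON or non-object error pages are engine-specific as well.
        return json.dumps({"errors": [{"message": GENERIC_MESSAGE}]}), [body]

    errors = doc.get("errors")
    if errors is None:
        original = []
    elif isinstance(errors, list):
        original = errors
    else:
        original = [errors]

    masked = {}
    # `"data": null` beside errors is itself a distinguishing detail, so it is
    # only passed through when it carries a value or there were no errors.
    if "data" in doc and (doc["data"] is not None or not original):
        masked["data"] = doc["data"]
    if original:
        masked["errors"] = [{"message": GENERIC_MESSAGE}]
    return json.dumps(masked, sort_keys=True), original


if __name__ == "__main__":
    print(mask_graphql_errors(SAMPLE_A)[0])
    print(mask_graphql_errors(SAMPLE_B)[0])
```

Error text is only one signal; engines also differ in which queries they accept, so this narrows the fingerprinting surface rather than removing it.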

Contact details/more about Graphw00f:
https://github.com/dolevf/graphw00f
  / dolev_fr  

The Tool Box showcases open-source cybersecurity tools. If you're interested in being featured, fill out the form at https://forms.gle/1fyioigCiVtdVHEV8

--------------------------------------------------

About Pentester Academy TV
Pentester Academy TV, the media arm of Pentester Academy, provides the cyber security community with programs focusing on cyber security education, learning, research articles and blogs. Find out more about us at https://bit.ly/3iFwkq9

Note: All our materials are strictly meant for educational purposes.
