Penetration tests are used to evaluate the security of infrastructures such as GraphQL APIs, by exploiting vulnerabilities in a safe environment. Thes

Graphinder: lightweight and blazing fast GraphQL endpoint finder

submited by
Style Pass
2022-05-13 10:30:08

Penetration tests are used to evaluate the security of infrastructures such as GraphQL APIs, by exploiting vulnerabilities in a safe environment.

These tests are usually conducted on big infrastructures exposed to black hat hackers and could lose big in case of a vulnerability exploit. Because pentesting requires a very specific set of skills, they are most often delegated to external entities (cybersecurity experts) and follow a conventional routine.

At Escape, we’re building automated security scans for GraphQL APIs using smart fuzzing and complex graph algorithms. In essence, we are building GraphQL pentesting as a service.

Graphinder uses subdomain enumeration, script analysis and brute-force techniques to find every GraphQL endpoint in minutes, not hours!

Combined with other open-source projects such as dolevf/graphwoof - a utility to identify the GraphQL engine used behind an endpoint - discovery is becoming more accessible for GraphQL pentesters!

Leave a Comment