nuclei-templates/technologies/apollo-server-detect.yaml

id: apollo-server-detect

info:
  name: Apollo Server GraphQL introspection detection
  author: idealphase
  severity: info
  description: Apollo Server is a community-maintained open-source GraphQL server. It works with many Node.js HTTP server frameworks, or can run on its own with a built-in Express server. Apollo Server works with any GraphQL schema built with GraphQL.js--or define a schema's type definitions using schema definition language (SDL).
  reference:
    - https://github.com/apollographql/apollo-server
  tags: apollo,detect,graphql,tech

requests:
  - method: POST
    path:
      - "{{BaseURL}}/graphql"

    headers:
      Content-Type: application/json

    body: |
      {"query":"query IntrospectionQuery{__schema{queryType{name}mutationType{name}subscriptionType{name}types{...FullType}directives{name description locations args{...InputValue}}}}fragment FullType on __Type{kind name description fields(includeDeprecated:true){name description args{...InputValue}type{...TypeRef}isDeprecated deprecationReason}inputFields{...InputValue}interfaces{...TypeRef}enumValues(includeDeprecated:true){name description isDeprecated deprecationReason}possibleTypes{...TypeRef}}fragment InputValue on __InputValue{name description type{...TypeRef}defaultValue}fragment TypeRef on __Type{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name ofType{kind name}}}}}}}}"}

    matchers-condition: and
    matchers:
      - type: word
        part: header
        words:
          - "Content-Type: application/json"

      - type: word
        part: body
        words:
          - "GraphQL introspection is not allowed by Apollo Server"

      - type: status
        status:
          - 400