diff --git a/test.yaml b/test.yaml new file mode 100644 index 0000000000..bc882ffcdd --- /dev/null +++ b/test.yaml @@ -0,0 +1,65 @@ +id: graphql + +info: + name: GraphQL API + author: NkxxkN & ELSFA7110 + severity: info + +requests: + - method: POST + path: + - "{{BaseURL}}/graphql" + - "{{BaseURL}}/graphiql" + - "{{BaseURL}}/graphql.php" + - "{{BaseURL}}/graphql/console" + - "{{BaseURL}}/v1" + - "{{BaseURL}}/v2" + - "{{BaseURL}}/v3" + - "{{BaseURL}}/graphql-console" + - "{{BaseURL}}/query-laravel" + - "{{BaseURL}}/v3/subscriptions" + - "{{BaseURL}}/v3/graphql/schema.xml" + - "{{BaseURL}}/v3/graphql/schema.yaml" + - "{{BaseURL}}/v3/playground" + - "{{BaseURL}}/v3/graphql/schema.json" + - "{{BaseURL}}/graphql/schema.yaml" + - "{{BaseURL}}/graphql/schema.xml" + - "{{BaseURL}}/graphql/schema.json" + - "{{BaseURL}}/graphiql/finland" + - "{{BaseURL}}/graphiql.css" + - "{{BaseURL}}/graphql-devtools" + - "{{BaseURL}}/graphql/v1" + - "{{BaseURL}}/v1/graphql" + - "{{BaseURL}}/lol/graphql" + - "{{BaseURL}}/lol/graphql/v1" + - "{{BaseURL}}/api/graphql/v1" + - "{{BaseURL}}/portal-graphql" + - "{{BaseURL}}/graphql-playground" + - "{{BaseURL}}/laravel-graphql-playground" + - "{{BaseURL}}/query-explorer" + - "{{BaseURL}}/sphinx-graphiql" + - "{{BaseURL}}/express-graphql" + - "{{BaseURL}}/query" + - "{{BaseURL}}/HyperGraphQL" + - "{{BaseURL}}/graphql/graphql-playground" + - "{{BaseURL}}/graphql-playground-html" + - "{{BaseURL}}/graph_cms" + - "{{BaseURL}}/query-api" + - "{{BaseURL}}/api/cask/graphql-playground" + + headers: + Content-Type: application/json + body: '{"query":"query IntrospectionQuery{__schema {queryType { name }}}"}' + + matchers-condition: and + matchers: + - type: status + status: + - 200 + - type: regex + regex: + - "(Query |QUERY |query ).*?" + - "(Graph|GRAPH|graph).*?" + - "__schema" + - "(Introspection|INTROSPECTION|introspection).*?" + - ".*?operation not found.*?"