id: graphql-detect

info:
  name: GraphQL API Detection
  author: nkxxkn,elsfa7110,ofjaaah,exceed
  severity: info
  tags: tech,graphql

requests:
  - method: POST
    path:
      - "{{BaseURL}}/HyperGraphQL"
      - "{{BaseURL}}/___graphql"
      - "{{BaseURL}}/altair"
      - "{{BaseURL}}/api/cask/graphql-playground"
      - "{{BaseURL}}/api/graphql"
      - "{{BaseURL}}/api/graphql/v1"
      - "{{BaseURL}}/explorer"
      - "{{BaseURL}}/express-graphql"
      - "{{BaseURL}}/gql"
      - "{{BaseURL}}/graph"
      - "{{BaseURL}}/graph_cms"
      - "{{BaseURL}}/graphiql"
      - "{{BaseURL}}/graphiql.css"
      - "{{BaseURL}}/graphiql.js"
      - "{{BaseURL}}/graphiql.min.css"
      - "{{BaseURL}}/graphiql.min.js"
      - "{{BaseURL}}/graphiql.php"
      - "{{BaseURL}}/graphiql/finland"
      - "{{BaseURL}}/graphql"
      - "{{BaseURL}}/graphql-console"
      - "{{BaseURL}}/graphql-devtools"
      - "{{BaseURL}}/graphql-explorer"
      - "{{BaseURL}}/graphql-playground"
      - "{{BaseURL}}/graphql-playground-html"
      - "{{BaseURL}}/graphql.php"
      - "{{BaseURL}}/graphql/console"
      - "{{BaseURL}}/graphql/graphql-playground"
      - "{{BaseURL}}/graphql/schema.json"
      - "{{BaseURL}}/graphql/schema.xml"
      - "{{BaseURL}}/graphql/schema.yaml"
      - "{{BaseURL}}/graphql/v1"
      - "{{BaseURL}}/je/graphql"
      - "{{BaseURL}}/laravel-graphql-playground"
      - "{{BaseURL}}/playground"
      - "{{BaseURL}}/portal-graphql"
      - "{{BaseURL}}/query"
      - "{{BaseURL}}/query-api"
      - "{{BaseURL}}/query-explorer"
      - "{{BaseURL}}/query-laravel"
      - "{{BaseURL}}/sphinx-graphiql"
      - "{{BaseURL}}/subscriptions"
      - "{{BaseURL}}/v1"
      - "{{BaseURL}}/v1/altair"
      - "{{BaseURL}}/v1/api/graphql"
      - "{{BaseURL}}/v1/explorer"
      - "{{BaseURL}}/v1/graph"
      - "{{BaseURL}}/v1/graphiql"
      - "{{BaseURL}}/v1/graphiql.css"
      - "{{BaseURL}}/v1/graphiql.js"
      - "{{BaseURL}}/v1/graphiql.min.css"
      - "{{BaseURL}}/v1/graphiql.min.js"
      - "{{BaseURL}}/v1/graphiql.php"
      - "{{BaseURL}}/v1/graphiql/finland"
      - "{{BaseURL}}/v1/graphql"
      - "{{BaseURL}}/v1/graphql-explorer"
      - "{{BaseURL}}/v1/graphql.php"
      - "{{BaseURL}}/v1/graphql/console"
      - "{{BaseURL}}/v1/graphql/schema.json"
      - "{{BaseURL}}/v1/graphql/schema.xml"
      - "{{BaseURL}}/v1/graphql/schema.yaml"
      - "{{BaseURL}}/v1/playground"
      - "{{BaseURL}}/v1/subscriptions"
      - "{{BaseURL}}/v2"
      - "{{BaseURL}}/v2/altair"
      - "{{BaseURL}}/v2/api/graphql"
      - "{{BaseURL}}/v2/explorer"
      - "{{BaseURL}}/v2/graph"
      - "{{BaseURL}}/v2/graphiql"
      - "{{BaseURL}}/v2/graphiql.css"
      - "{{BaseURL}}/v2/graphiql.js"
      - "{{BaseURL}}/v2/graphiql.min.css"
      - "{{BaseURL}}/v2/graphiql.min.js"
      - "{{BaseURL}}/v2/graphiql.php"
      - "{{BaseURL}}/v2/graphiql/finland"
      - "{{BaseURL}}/v2/graphql"
      - "{{BaseURL}}/v2/graphql-explorer"
      - "{{BaseURL}}/v2/graphql.php"
      - "{{BaseURL}}/v2/graphql/console"
      - "{{BaseURL}}/v2/graphql/schema.json"
      - "{{BaseURL}}/v2/graphql/schema.xml"
      - "{{BaseURL}}/v2/graphql/schema.yaml"
      - "{{BaseURL}}/v2/playground"
      - "{{BaseURL}}/v2/subscriptions"
      - "{{BaseURL}}/v3"
      - "{{BaseURL}}/v3/altair"
      - "{{BaseURL}}/v3/api/graphql"
      - "{{BaseURL}}/v3/explorer"
      - "{{BaseURL}}/v3/graph"
      - "{{BaseURL}}/v3/graphiql"
      - "{{BaseURL}}/v3/graphiql.css"
      - "{{BaseURL}}/v3/graphiql.js"
      - "{{BaseURL}}/v3/graphiql.min.css"
      - "{{BaseURL}}/v3/graphiql.min.js"
      - "{{BaseURL}}/v3/graphiql.php"
      - "{{BaseURL}}/v3/graphiql/finland"
      - "{{BaseURL}}/v3/graphql"
      - "{{BaseURL}}/v3/graphql-explorer"
      - "{{BaseURL}}/v3/graphql.php"
      - "{{BaseURL}}/v3/graphql/console"
      - "{{BaseURL}}/v3/graphql/schema.json"
      - "{{BaseURL}}/v3/graphql/schema.xml"
      - "{{BaseURL}}/v3/graphql/schema.yaml"
      - "{{BaseURL}}/v3/playground"
      - "{{BaseURL}}/v3/subscriptions"
      - "{{BaseURL}}/v4/altair"
      - "{{BaseURL}}/v4/api/graphql"
      - "{{BaseURL}}/v4/explorer"
      - "{{BaseURL}}/v4/graph"
      - "{{BaseURL}}/v4/graphiql"
      - "{{BaseURL}}/v4/graphiql.css"
      - "{{BaseURL}}/v4/graphiql.js"
      - "{{BaseURL}}/v4/graphiql.min.css"
      - "{{BaseURL}}/v4/graphiql.min.js"
      - "{{BaseURL}}/v4/graphiql.php"
      - "{{BaseURL}}/v4/graphiql/finland"
      - "{{BaseURL}}/v4/graphql"
      - "{{BaseURL}}/v4/graphql-explorer"
      - "{{BaseURL}}/v4/graphql.php"
      - "{{BaseURL}}/v4/graphql/console"
      - "{{BaseURL}}/v4/graphql/schema.json"
      - "{{BaseURL}}/v4/graphql/schema.xml"
      - "{{BaseURL}}/v4/graphql/schema.yaml"
      - "{{BaseURL}}/v4/playground"
      - "{{BaseURL}}/v4/subscriptions"

    headers:
      Content-Type: application/json

    body: '{"query":"query IntrospectionQuery{__schema {queryType { name }}}"}'

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: header
        words:
          - "application/json"

      - type: regex
        regex:
          - "__schema"
          - "(Introspection|INTROSPECTION|introspection).*?"
          - ".*?operation not found.*?"
        condition: or