id: graphql-detect info: name: GraphQL API Detection author: NkxxkN & ELSFA7110 severity: info requests: - method: POST path: - "{{BaseURL}}/graphql" - "{{BaseURL}}/graphiql" - "{{BaseURL}}/graphql.php" - "{{BaseURL}}/graphql/console" - "{{BaseURL}}/v1" - "{{BaseURL}}/v2" - "{{BaseURL}}/v3" - "{{BaseURL}}/graphql-console" - "{{BaseURL}}/query-laravel" - "{{BaseURL}}/v3/subscriptions" - "{{BaseURL}}/v3/graphql/schema.xml" - "{{BaseURL}}/v3/graphql/schema.yaml" - "{{BaseURL}}/v3/playground" - "{{BaseURL}}/v3/graphql/schema.json" - "{{BaseURL}}/graphql/schema.yaml" - "{{BaseURL}}/graphql/schema.xml" - "{{BaseURL}}/graphql/schema.json" - "{{BaseURL}}/graphiql/finland" - "{{BaseURL}}/graphiql.css" - "{{BaseURL}}/graphql-devtools" - "{{BaseURL}}/graphql/v1" - "{{BaseURL}}/v1/graphql" - "{{BaseURL}}/lol/graphql" - "{{BaseURL}}/lol/graphql/v1" - "{{BaseURL}}/api/graphql/v1" - "{{BaseURL}}/portal-graphql" - "{{BaseURL}}/graphql-playground" - "{{BaseURL}}/laravel-graphql-playground" - "{{BaseURL}}/query-explorer" - "{{BaseURL}}/sphinx-graphiql" - "{{BaseURL}}/express-graphql" - "{{BaseURL}}/query" - "{{BaseURL}}/HyperGraphQL" - "{{BaseURL}}/graphql/graphql-playground" - "{{BaseURL}}/graphql-playground-html" - "{{BaseURL}}/graph_cms" - "{{BaseURL}}/query-api" - "{{BaseURL}}/api/cask/graphql-playground" - "{{BaseURL}}/altair" - "{{BaseURL}}/playground" headers: Content-Type: application/json body: '{"query":"query IntrospectionQuery{__schema {queryType { name }}}"}' matchers-condition: and matchers: - type: status status: - 200 - type: regex regex: - "__schema" - "(Introspection|INTROSPECTION|introspection).*?" - ".*?operation not found.*?" condition: or