GraphQLmap/bin/graphqlmap

#!/usr/bin/env python3

try:
    import readline
except ImportError:
    import pyreadline as readline

from graphqlmap.attacks import *
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)


class GraphQLmap(object):
    author = "@pentest_swissky"
    version = "1.1"
    endpoint = "graphql"
    method = "POST"
    args = None
    url = None
    headers = None
    use_json = False

    def __init__(self, args_graphql):
        print("   _____                 _      ____  _                            ")
        print("  / ____|               | |    / __ \| |                           ")
        print(" | |  __ _ __ __ _ _ __ | |__ | |  | | |     _ __ ___   __ _ _ __  ")
        print(" | | |_ | '__/ _` | '_ \| '_ \| |  | | |    | '_ ` _ \ / _` | '_ \ ")
        print(" | |__| | | | (_| | |_) | | | | |__| | |____| | | | | | (_| | |_) |")
        print("  \_____|_|  \__,_| .__/|_| |_|\___\_\______|_| |_| |_|\__,_| .__/ ")
        print("                  | |                                       | |    ")
        print("                  |_|                                       |_|    ")
        print(" " * 30, end='')
        print(f"\033[1mAuthor\033[0m: {self.author} \033[1mVersion\033[0m: {self.version} ")
        self.args = args_graphql
        self.url = args_graphql.url
        self.method = args_graphql.method
        self.headers = None if not args_graphql.headers else json.loads(args_graphql.headers)
        self.use_json = True if args_graphql.use_json else False
        self.proxy =  { 
            "http"  : args_graphql.proxy, 
        }

        while True:
            query = input("GraphQLmap > ")
            cmdlist.append(query)
            if query == "exit" or query == "q":
                exit()

            elif query == "help":
                display_help()

            elif query == "debug":
                display_types(self.url, self.method, self.proxy, self.headers, self.use_json)

            elif query == "dump_via_introspection":
                dump_schema(self.url, self.method, 15, self.proxy, self.headers, self.use_json)

            elif query == "dump_via_fragment":
                dump_schema(self.url, self.method, 14, self.proxy, self.headers, self.use_json)

            elif query == "nosqli":
                blind_nosql(self.url, self.method, self.proxy, self.headers, self.use_json)

            elif query == "postgresqli":
                blind_postgresql(self.url, self.method, self.proxy, self.headers, self.use_json)

            elif query == "mysqli":
                blind_mysql(self.url, self.method, self.proxy, self.headers, self.use_json)

            elif query == "mssqli":
                blind_mssql(self.url, self.method, self.proxy, self.headers, self.use_json)

            else:
                print(self.headers)
                exec_advanced(self.url, self.method, query, self.headers, self.use_json, self.proxy)


if __name__ == "__main__":
    readline.set_completer(auto_completer)
    readline.parse_and_bind("tab: complete")
    args = parse_args()
    GraphQLmap(args)
use env in shebang 2020-05-13 22:55:51 +00:00			`#!/usr/bin/env python3`

Add windows support (experimental) 2020-02-05 12:43:03 +00:00			`try:`
			`import readline`
			`except ImportError:`
			`import pyreadline as readline`
Optimized imports 2020-02-05 12:22:13 +00:00
GraphQLmap Package 2022-01-17 15:22:22 +00:00			`from graphqlmap.attacks import *`
Disable InsecureRequestWarning 2020-01-14 20:49:49 +00:00			`import urllib3`
			`urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00
Formatted graphqlmap 2020-02-05 12:05:56 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`class GraphQLmap(object):`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`author = "@pentest_swissky"`
Fix parameters order in requester + batching queries 2023-03-11 22:34:56 +00:00			`version = "1.1"`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`endpoint = "graphql"`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`method = "POST"`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`args = None`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`url = None`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`headers = None`
support sending JSON-encoded payloads 2020-05-14 18:31:55 +00:00			`use_json = False`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00
Avoid shadowing args argument from outer scope 2020-02-05 12:18:50 +00:00			`def __init__(self, args_graphql):`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`print(" _____ _ ____ _ ")`
			`print(" / ____\| \| \| / __ \\| \| ")`
			`print(" \| \| __ _ __ __ _ _ __ \| \|__ \| \| \| \| \| _ __ ___ __ _ _ __ ")`
			print(" \| \| \|_ \| '__/ _` \| '_ \\| '_ \\| \| \| \| \| \| '_ ` _ \ / _` \| '_ \ ")
			`print(" \| \|__\| \| \| \| (_\| \| \|_) \| \| \| \| \|__\| \| \|____\| \| \| \| \| \| (_\| \| \|_) \|")`
			`print(" \_____\|_\| \__,_\| .__/\|_\| \|_\|\___\_\______\|_\| \|_\| \|_\|\__,_\| .__/ ")`
			`print(" \| \| \| \| ")`
			`print(" \|_\| \|_\| ")`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`print(" " * 30, end='')`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`print(f"\033[1mAuthor\033[0m: {self.author} \033[1mVersion\033[0m: {self.version} ")`
Avoid shadowing args argument from outer scope 2020-02-05 12:18:50 +00:00			`self.args = args_graphql`
			`self.url = args_graphql.url`
			`self.method = args_graphql.method`
			`self.headers = None if not args_graphql.headers else json.loads(args_graphql.headers)`
support sending JSON-encoded payloads 2020-05-14 18:31:55 +00:00			`self.use_json = True if args_graphql.use_json else False`
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`self.proxy = {`
			`"http" : args_graphql.proxy,`
			`}`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00
			`while True:`
			`query = input("GraphQLmap > ")`
			`cmdlist.append(query)`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`if query == "exit" or query == "q":`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`exit()`

			`elif query == "help":`
			`display_help()`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "debug":`
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`display_types(self.url, self.method, self.proxy, self.headers, self.use_json)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`elif query == "dump_via_introspection":`
			`dump_schema(self.url, self.method, 15, self.proxy, self.headers, self.use_json)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`elif query == "dump_via_fragment":`
			`dump_schema(self.url, self.method, 14, self.proxy, self.headers, self.use_json)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "nosqli":`
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`blind_nosql(self.url, self.method, self.proxy, self.headers, self.use_json)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "postgresqli":`
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`blind_postgresql(self.url, self.method, self.proxy, self.headers, self.use_json)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "mysqli":`
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`blind_mysql(self.url, self.method, self.proxy, self.headers, self.use_json)`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00
README - Update features + fix SSL 2019-07-29 16:22:11 +00:00			`elif query == "mssqli":`
GraphQL Docker link + README update + Proxy support 2022-01-17 13:42:18 +00:00			`blind_mssql(self.url, self.method, self.proxy, self.headers, self.use_json)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`else:`
Fix parameters order in requester + batching queries 2023-03-11 22:34:56 +00:00			`print(self.headers)`
			`exec_advanced(self.url, self.method, query, self.headers, self.use_json, self.proxy)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
Formatted graphqlmap 2020-02-05 12:05:56 +00:00
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00			`if __name__ == "__main__":`
			`readline.set_completer(auto_completer)`
			`readline.parse_and_bind("tab: complete")`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`args = parse_args()`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`GraphQLmap(args)`