GraphQLmap/graphqlmap.py

#!/usr/bin/python
import argparse
import json
import re
import readline
import requests
import sys
import time
from utils import *
from attacks import *


class GraphQLmap(object):
    author = "@pentest_swissky"
    version = "1.0"
    endpoint = "graphql"
    method = "POST"
    args = None
    url = None
    headers = None

    def __init__(self, args):
        print("   _____                 _      ____  _                            ")
        print("  / ____|               | |    / __ \| |                           ")
        print(" | |  __ _ __ __ _ _ __ | |__ | |  | | |     _ __ ___   __ _ _ __  ")
        print(" | | |_ | '__/ _` | '_ \| '_ \| |  | | |    | '_ ` _ \ / _` | '_ \ ")
        print(" | |__| | | | (_| | |_) | | | | |__| | |____| | | | | | (_| | |_) |")
        print("  \_____|_|  \__,_| .__/|_| |_|\___\_\______|_| |_| |_|\__,_| .__/ ")
        print("                  | |                                       | |    ")
        print("                  |_|                                       |_|    ")
        print(" " * 30, end='')
        print(f"\033[1mAuthor\033[0m: {self.author} \033[1mVersion\033[0m: {self.version} ")
        self.args = args
        self.url = args.url
        self.method = args.method
        self.headers = None if not args.headers else json.loads(args.headers)

        while True:
            query = input("GraphQLmap > ")
            cmdlist.append(query)
            if query == "exit" or query == "q":
                exit()

            elif query == "help":
                display_help()

            elif query == "debug":
                display_types(self.url, self.method, self.headers)

            elif query == "dump_new":
                dump_schema(self.url, self.method, 15, self.headers)

            elif query == "dump_old":
                dump_schema(self.url, self.method, 14, self.headers)

            elif query == "nosqli":
                blind_nosql(self.url, self.method, self.headers)

            elif query == "postgresqli":
                blind_postgresql(self.url, self.method, self.headers)

            elif query == "mysqli":
                blind_mysql(self.url, self.method, self.headers)

            elif query == "mssqli":
                blind_mssql(self.url, self.method, self.headers)

            else:
                exec_advanced(args.url, self.method, query, self.headers)


if __name__ == "__main__":
    readline.set_completer(auto_completer)
    readline.parse_and_bind("tab: complete")
    args = parse_args()
    GraphQLmap(args)
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00			`#!/usr/bin/python`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`import argparse`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00			`import json`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`import re`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00			`import readline`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`import requests`
			`import sys`
			`import time`
			`from utils import *`
			`from attacks import *`

Formatted graphqlmap 2020-02-05 12:05:56 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`class GraphQLmap(object):`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`author = "@pentest_swissky"`
			`version = "1.0"`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`endpoint = "graphql"`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`method = "POST"`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`args = None`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`url = None`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`headers = None`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00
			`def __init__(self, args):`
			`print(" _____ _ ____ _ ")`
			`print(" / ____\| \| \| / __ \\| \| ")`
			`print(" \| \| __ _ __ __ _ _ __ \| \|__ \| \| \| \| \| _ __ ___ __ _ _ __ ")`
			print(" \| \| \|_ \| '__/ _` \| '_ \\| '_ \\| \| \| \| \| \| '_ ` _ \ / _` \| '_ \ ")
			`print(" \| \|__\| \| \| \| (_\| \| \|_) \| \| \| \| \|__\| \| \|____\| \| \| \| \| \| (_\| \| \|_) \|")`
			`print(" \_____\|_\| \__,_\| .__/\|_\| \|_\|\___\_\______\|_\| \|_\| \|_\|\__,_\| .__/ ")`
			`print(" \| \| \| \| ")`
			`print(" \|_\| \|_\| ")`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`print(" " * 30, end='')`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`print(f"\033[1mAuthor\033[0m: {self.author} \033[1mVersion\033[0m: {self.version} ")`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`self.args = args`
			`self.url = args.url`
			`self.method = args.method`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00			`self.headers = None if not args.headers else json.loads(args.headers)`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00
			`while True:`
			`query = input("GraphQLmap > ")`
			`cmdlist.append(query)`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`if query == "exit" or query == "q":`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`exit()`

			`elif query == "help":`
			`display_help()`
Formatted graphqlmap 2020-02-05 12:05:56 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "debug":`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`display_types(self.url, self.method, self.headers)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "dump_new":`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`dump_schema(self.url, self.method, 15, self.headers)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "dump_old":`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`dump_schema(self.url, self.method, 14, self.headers)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "nosqli":`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`blind_nosql(self.url, self.method, self.headers)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "postgresqli":`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`blind_postgresql(self.url, self.method, self.headers)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`elif query == "mysqli":`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`blind_mysql(self.url, self.method, self.headers)`

README - Update features + fix SSL 2019-07-29 16:22:11 +00:00			`elif query == "mssqli":`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`blind_mssql(self.url, self.method, self.headers)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`else:`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`exec_advanced(args.url, self.method, query, self.headers)`
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00
Formatted graphqlmap 2020-02-05 12:05:56 +00:00
GraphQLmap - Initial feature 2019-06-21 14:42:05 +00:00			`if __name__ == "__main__":`
			`readline.set_completer(auto_completer)`
			`readline.parse_and_bind("tab: complete")`
GRAPHQLMAP - Full code refactor + more sqli 2019-07-05 22:01:44 +00:00			`args = parse_args()`
Add option to add header to requests made 2020-02-03 09:54:08 +00:00			`GraphQLmap(args)`