63 lines
2.4 KiB
Python
63 lines
2.4 KiB
Python
#!/usr/bin/python
|
|
import argparse
|
|
import json
|
|
import re
|
|
import readline
|
|
import requests
|
|
import sys
|
|
import time
|
|
|
|
cmdlist = ["exit", "help", "dump_old", "dump_new", "postgresqli", "mysqli", "mssqli", "nosqli", "mutation", "edges",
|
|
"node", "$regex", "$ne", "__schema"]
|
|
|
|
|
|
def auto_completer(text, state):
|
|
options = [x for x in cmdlist if x.startswith(text)]
|
|
try:
|
|
return options[state]
|
|
except IndexError:
|
|
return None
|
|
|
|
|
|
def jq(data):
|
|
return json.dumps(data, indent=4, sort_keys=True)
|
|
|
|
|
|
def requester(URL, method, payload, headers=None):
|
|
if method == "POST":
|
|
data = {
|
|
"query": payload.replace("+", " ")
|
|
}
|
|
r = requests.post(URL, data=data, verify=False, headers=headers)
|
|
if r.status_code == 500:
|
|
print("\033[91m/!\ API didn't respond correctly to a POST method !\033[0m")
|
|
return None
|
|
else:
|
|
r = requests.get(URL + "?query={}".format(payload), verify=False)
|
|
return r
|
|
|
|
|
|
def parse_args():
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument('-u', action='store', dest='url', help="URL to query : example.com/graphql?query={}")
|
|
parser.add_argument('-v', action='store', dest='verbosity', help="Enable verbosity", nargs='?', const=True)
|
|
parser.add_argument('--method', action='store', dest='method',
|
|
help="HTTP Method to use interact with /graphql endpoint", nargs='?', const=True, default="GET")
|
|
parser.add_argument('--headers', action='store', dest='headers', help="HTTP Headers sent to /graphql endpoint",
|
|
nargs='?', const=True, type=str)
|
|
results = parser.parse_args()
|
|
if results.url is None:
|
|
parser.print_help()
|
|
exit()
|
|
return results
|
|
|
|
|
|
def display_help():
|
|
print("[+] \033[92mdump_old \033[0m: dump GraphQL schema (fragment+FullType)")
|
|
print("[+] \033[92mdump_new \033[0m: dump GraphQL schema (IntrospectionQuery)")
|
|
print("[+] \033[92mnosqli \033[0m: exploit a nosql injection inside a GraphQL query")
|
|
print("[+] \033[92mpostgresqli \033[0m: exploit a sql injection inside a GraphQL query")
|
|
print("[+] \033[92mysqli \033[0m: exploit a sql injection inside a GraphQL query")
|
|
print("[+] \033[92mssqli \033[0m: exploit a sql injection inside a GraphQL query")
|
|
print("[+] \033[92mexit \033[0m: gracefully exit the application")
|