#!/usr/bin/python
import argparse
import json
import requests
# Completion candidates for the interactive shell: the commands that
# display_help documents plus a few query keywords worth tab-completing.
cmdlist = (
    "exit help dump_old dump_new postgresqli mysqli mssqli nosqli "
    "mutation edges node $regex $ne __schema"
).split()
def auto_completer(text, state):
    """Completion callback in the readline ``(text, state)`` shape.

    Returns the ``state``-th entry of ``cmdlist`` that starts with ``text``,
    or ``None`` once ``state`` runs past the last match (the caller is
    presumably readline, which probes state 0, 1, 2, ... until ``None``).
    Matching is a plain case-sensitive prefix test.
    """
    matches = [candidate for candidate in cmdlist if candidate.startswith(text)]
    # Same window the original's IndexError guard allowed: negative indexes
    # still count back from the end, anything outside the list is None.
    if -len(matches) <= state < len(matches):
        return matches[state]
    return None
def jq(data):
    """Render ``data`` as pretty JSON (4-space indent, sorted keys), jq-style.

    ``data`` must be JSON-serialisable; anything ``json.dumps`` rejects
    raises ``TypeError`` as usual.
    """
    layout = {"indent": 4, "sort_keys": True}
    return json.dumps(data, **layout)
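def requester(url, method, payload, headers=None, use_json=False, verify=False):
    """Send one GraphQL query to ``url`` and return the ``requests`` response.

    ``method == "POST"`` or ``use_json`` puts the query in the request body as
    ``{"query": <payload>}`` -- form-encoded by default, or JSON with
    ``Content-Type: application/json`` when ``use_json`` is set. Any other
    method appends ``?query=<payload>`` to ``url`` and issues a GET.

    Args:
        url: Target endpoint, used verbatim. The GET path appends ``?query=``
            without checking for an existing query string, so a URL that
            already carries ``?...`` ends up with two ``?`` separators.
        method: HTTP verb; only the exact string ``"POST"`` selects the body
            form, everything else falls through to GET.
        payload: Raw GraphQL query text. ``+`` becomes a space on the POST
            path; on the GET path it is sent unencoded and the server decodes
            it as a space, so both paths agree.
        headers: Optional dict of extra request headers. The caller's dict is
            never mutated; JSON mode adds ``Content-Type`` to a copy.
        use_json: Send the body as JSON and force the POST path.
        verify: Forwarded to ``requests`` as the TLS certificate check.
            Defaults to ``False`` (validation disabled, with an
            InsecureRequestWarning per request) so self-signed lab targets
            work; pass ``True``, or a CA bundle path, to validate.

    Returns:
        The ``requests.Response``, or ``None`` when a POST answers HTTP 500
        (a red error banner is printed first). GET responses are returned
        whatever their status code, so callers must handle ``None`` only
        on the POST/JSON path.
    """
    if method == "POST" or use_json:
        data = {"query": payload.replace("+", " ")}
        # Copy so the caller's headers dict is not modified.
        post_headers = {} if headers is None else dict(headers)
        body = data
        if use_json:
            post_headers["Content-Type"] = "application/json"
            body = json.dumps(data)
        r = requests.post(url, data=body, verify=verify, headers=post_headers)
        if r.status_code == 500:
            # "/!\" is the original banner; the backslash is escaped so the
            # literal no longer relies on an invalid "\ " escape sequence.
            print("\033[91m/!\\ API didn't respond correctly to a POST method !\033[0m")
            return None
        return r
    return requests.get(url + "?query={}".format(payload), verify=verify, headers=headers)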
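def _parse_flag(value):
    """Interpret the optional word given to ``--json`` as a boolean.

    argparse's ``type=bool`` calls ``bool()`` on the raw string, so every
    non-empty word -- including ``false`` -- counted as true. This maps the
    usual spellings explicitly and rejects anything else with a usage error.
    """
    if isinstance(value, bool):
        return value
    word = str(value).strip().lower()
    if word in ("1", "true", "t", "yes", "y", "on"):
        return True
    if word in ("", "0", "false", "f", "no", "n", "off"):
        return False
    raise argparse.ArgumentTypeError("expected true/false, got {!r}".format(value))


def parse_args():
    """Parse the command line and return the argparse namespace.

    Options (all names and defaults unchanged):
        -u URL           target endpoint; required, otherwise the help text
                         is printed and the process exits with status 0.
        -v [VALUE]       verbosity; ``-v`` alone stores ``True``.
        --method [VERB]  defaults to ``"GET"``; ``--method`` alone stores
                         ``True``, which requester() treats like GET.
        --headers [STR]  raw header text; ``--headers`` alone stores ``True``.
        --json [BOOL]    ``--json`` alone stores ``True``; ``--json false``
                         now really disables JSON mode (see _parse_flag).
                         Absent means ``None``.

    Returns:
        ``argparse.Namespace`` with ``url``, ``verbosity``, ``method``,
        ``headers`` and ``use_json``.
    """
    parser = argparse.ArgumentParser()
    parser.add_argument('-u', action='store', dest='url',
                        help="URL to query : example.com/graphql?query={}")
    parser.add_argument('-v', action='store', dest='verbosity',
                        help="Enable verbosity", nargs='?', const=True)
    parser.add_argument('--method', action='store', dest='method',
                        help="HTTP Method to use interact with /graphql endpoint",
                        nargs='?', const=True, default="GET")
    parser.add_argument('--headers', action='store', dest='headers',
                        help="HTTP Headers sent to /graphql endpoint",
                        nargs='?', const=True, type=str)
    parser.add_argument('--json', action='store', dest='use_json',
                        help="Use JSON encoding, implies POST",
                        nargs='?', const=True, type=_parse_flag)
    results = parser.parse_args()
    if results.url is None:
        parser.print_help()
        # parser.exit() is sys.exit(0) without depending on the site-provided
        # exit() builtin, which is absent under "python -S".
        parser.exit()
    return results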
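def fix_headers(headers_str):
    """Turn loosely written ``{Key: value, Key2: value2}`` text into JSON.

    The previous implementation inserted quote characters by scanning for
    ``:`` and ``,``, discarded the last ``.replace`` result, and never
    returned anything (``str`` is immutable), so it had no effect at all and
    any exception was silently swallowed. This version returns the JSON text
    so a caller can ``json.loads`` it.

    Args:
        headers_str: Text from ``--headers``. The part between the first
            ``{`` and the last ``}`` is split on ``,`` into entries and each
            entry on its *first* ``:``; surrounding blanks and single or
            double quotes are stripped from keys and values, so both
            ``{Authorization: Bearer x}`` and ``{'Authorization': 'Bearer x'}``
            work. Values containing ``,`` are not supported -- pass real JSON
            for those.

    Returns:
        A JSON object string such as ``{"Authorization": "Bearer x"}``, or
        ``None`` when ``headers_str`` is not a string, has no ``{...}``
        envelope, or holds an entry without a ``:`` or with an empty key.
        ``None`` keeps the call best-effort, as before, instead of raising.
    """
    if not isinstance(headers_str, str):
        # argparse stores True for a bare "--headers"; nothing to parse.
        return None
    start = headers_str.find("{")
    end = headers_str.rfind("}")
    if start == -1 or end <= start:
        return None
    headers = {}
    for entry in headers_str[start + 1:end].split(","):
        if not entry.strip():
            continue
        key, sep, value = entry.partition(":")
        if not sep:
            return None
        key = key.strip(" \t'\"")
        if not key:
            return None
        headers[key] = value.strip(" \t'\"")
    return json.dumps(headers)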
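def display_help():
    """Print the interactive-shell command reference to stdout.

    Each line reads ``[+] <command> : <description>`` with the command name
    in bright green (ANSI ``ESC[92m`` ... ``ESC[0m``).

    Fix: the ``mysqli`` and ``mssqli`` lines used to lose their leading
    ``m`` -- the colour escape itself ends in ``m``, and the literals were
    written with only one, so the shell displayed ``ysqli`` and ``ssqli``.
    Building each line from the bare command name avoids that class of typo.
    """
    commands = [
        ("dump_old", "dump GraphQL schema (fragment+FullType)"),
        ("dump_new", "dump GraphQL schema (IntrospectionQuery)"),
        ("nosqli", "exploit a nosql injection inside a GraphQL query"),
        ("postgresqli", "exploit a sql injection inside a GraphQL query"),
        ("mysqli", "exploit a sql injection inside a GraphQL query"),
        ("mssqli", "exploit a sql injection inside a GraphQL query"),
        ("exit", "gracefully exit the application"),
    ]
    for name, description in commands:
        print("[+] \033[92m{} \033[0m: {}".format(name, description))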