Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

graphinder

Package Overview
Dependencies
Maintainers
1
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

graphinder

Escape Graphinder

  • 1.11.6
  • PyPI
  • Socket score
Maintainers
1

Graphinder PyPI CI codecov

Graphinder is a tool that extracts all GraphQL endpoints from a given domain.

Banner

Docker Pulls Docker Image Size (latest by date) PyPI - Downloads

Run with docker

docker pull escapetech/graphinder
docker run -it --rm escapetech/graphinder -d example.com

If you want to save your results.json file, you can use:

docker run -it --name graphinder escapetech/graphinder -d example.com
docker cp graphinder:/graphinder/results.json results.json
docker rm -f graphinder

Or if you want to pass a file containing domain names (one per line):

docker run -v /full/path/to/file.csv:/graphinder/file.csv -it --rm escapetech/graphinder --inplace -f /graphinder/file.csv

Install using Pip

pip install graphinder

# using specific python binary
python3 -m pip install graphinder

Run it with

graphinder ...

Usage

A Scan consistes of:

  • Running on a specific domain (-d, --domain) or a list of domains (-f, --input-file).
  • Searching all scripts loaded by the browser for graphql endpoint (-s, --script)
  • Brute forcing the directories of all discovered urls (-b, --bruteforce)
  • Using precision mode (-p, --precision)

By default, bruteforce and script search are enabled.

graphinder -d example.com

graphinder -f domains.txt

Extra features

  • --no-bruteforce: Disable bruteforce
  • --no-script: Disable script search
  • -p --precision --no-precision: Enable/disable precision mode (default: enabled) (precision mode is slower but more accurate)
  • -f --input-file <FILE_PATH>: Input domain names from file
  • -w --max-workers <int>: Maximum of concurrent workers on multiple domains.
  • -o --output-file <FILE_PATH>: Output the results to file
  • -v --verbose --no-verbose: Verbose mode
  • -r --reduce: The maximum number of subdomains to scan.
  • -wb --webhook_url: The discord webhook url to send the results to.

If you experience any issues, irregularities or networking bottlenecks, please reduce your number of workers, otherwise, better is your network, the more workers you can have.

Local installation

Clone the repository and run the installation script

git clone https://github.com/Escape-Technologies/graphinder.git
cd Graphinder
./install-dev.sh

Run this command to enter the virtual enviroment

poetry shell

Profit !

graphinder -d example.com

How do you make sure this is a valid graphql endpoint ?

detector

Contributing

Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change.

Please make sure to update tests as appropriate.

License PyPI - License

MIT

FAQs

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm

Security News

Research

Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm

The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.

By Kush Pandya  -  Dec 11, 2024
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc