davinerd / gql_intruder Goto Github PK
View Code? Open in Web Editor NEWA plugin based GraphQL vulnerability assessment tool.
License: MIT License
A plugin based GraphQL vulnerability assessment tool.
License: MIT License
python3 brute.py dump --url localhost:5000/graphql
Traceback (most recent call last):
File "brute.py", line 53, in <module>
plugin.attack()
File "/home/dab/my_gitrepos/gql_intruder/plugins/dump/dump.py", line 25, in attack
f = requests.post(self.GQL_ENDPOINT, headers=utils.set_request_headers(), json={"query": self.introspection_query})
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 637, in send
adapter = self.get_adapter(url=request.url)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 730, in get_adapter
raise InvalidSchema("No connection adapters were found for {!r}".format(url))
requests.exceptions.InvalidSchema: No connection adapters were found for 'localhost://5000/graphql'
With this piece of code:
dump_argparser = argparse.ArgumentParser()
dump_argparser.add_argument("--analyze", type=bool, default=False, action="store_true")
dump_argparser = self.build_argparse(dump_argparser)
args = dump_argparser.parse_args()
I get the following error:
$ python3 brute.py dump --url http://localhost:5000/graphql --analyze
Traceback (most recent call last):
File "brute.py", line 52, in <module>
plugin = VALID_COMMANDS[action]['class']()
File "/home/dab/my_gitrepos/gql_intruder/plugins/dump/dump.py", line 19, in __init__
dump_argparser.add_argument("--analyze", type=bool, default=False, action="store_true")
File "/usr/lib/python3.8/argparse.py", line 1380, in add_argument
action = action_class(**kwargs)
TypeError: __init__() got an unexpected keyword argument 'type'
Which shouldn't happen as we want to be able to accept any supported flag.
$ python3 brute.py dump --url http://localhost:3000/graphql
Traceback (most recent call last):
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
conn = connection.create_connection(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/util/connection.py", line 84, in create_connection
raise err
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/util/connection.py", line 74, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3.8/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.8/http/client.py", line 950, in send
self.connect()
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connection.py", line 187, in connect
conn = self._new_conn()
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f727e06a940>: Failed to establish a new connection: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 726, in urlopen
retries = retries.increment(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/util/retry.py", line 446, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=3000): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f727e06a940>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "brute.py", line 53, in <module>
plugin.attack()
File "/home/dab/codes/mycodes/github_repos/gql_intruder/plugins/dump/dump.py", line 25, in attack
f = requests.post(self.GQL_ENDPOINT, headers=utils.set_request_headers(), json={"query": self.introspection_query})
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=3000): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f727e06a940>: Failed to establish a new connection: [Errno 111] Connection refused'))
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.