davinerd / gql_intruder Goto Github PK
View Code? Open in Web Editor NEWA plugin based GraphQL vulnerability assessment tool.
License: MIT License
gql_intruder's People
Contributors
Stargazers
Watchers
gql_intruder's Issues
utils.parse_url wrong parsing
python3 brute.py dump --url localhost:5000/graphql
Traceback (most recent call last):
File "brute.py", line 53, in <module>
plugin.attack()
File "/home/dab/my_gitrepos/gql_intruder/plugins/dump/dump.py", line 25, in attack
f = requests.post(self.GQL_ENDPOINT, headers=utils.set_request_headers(), json={"query": self.introspection_query})
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 637, in send
adapter = self.get_adapter(url=request.url)
File "/home/dab/my_gitrepos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 730, in get_adapter
raise InvalidSchema("No connection adapters were found for {!r}".format(url))
requests.exceptions.InvalidSchema: No connection adapters were found for 'localhost://5000/graphql'
Weird build_argparse() behavior
With this piece of code:
dump_argparser = argparse.ArgumentParser()
dump_argparser.add_argument("--analyze", type=bool, default=False, action="store_true")
dump_argparser = self.build_argparse(dump_argparser)
args = dump_argparser.parse_args()
I get the following error:
$ python3 brute.py dump --url http://localhost:5000/graphql --analyze
Traceback (most recent call last):
File "brute.py", line 52, in <module>
plugin = VALID_COMMANDS[action]['class']()
File "/home/dab/my_gitrepos/gql_intruder/plugins/dump/dump.py", line 19, in __init__
dump_argparser.add_argument("--analyze", type=bool, default=False, action="store_true")
File "/usr/lib/python3.8/argparse.py", line 1380, in add_argument
action = action_class(**kwargs)
TypeError: __init__() got an unexpected keyword argument 'type'
Which shouldn't happen as we want to be able to accept any supported flag.
Add checks on host connectivity
$ python3 brute.py dump --url http://localhost:3000/graphql
Traceback (most recent call last):
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connection.py", line 159, in _new_conn
conn = connection.create_connection(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/util/connection.py", line 84, in create_connection
raise err
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/util/connection.py", line 74, in create_connection
sock.connect(sa)
ConnectionRefusedError: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 670, in urlopen
httplib_response = self._make_request(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 392, in _make_request
conn.request(method, url, **httplib_request_kw)
File "/usr/lib/python3.8/http/client.py", line 1255, in request
self._send_request(method, url, body, headers, encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1301, in _send_request
self.endheaders(body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1250, in endheaders
self._send_output(message_body, encode_chunked=encode_chunked)
File "/usr/lib/python3.8/http/client.py", line 1010, in _send_output
self.send(msg)
File "/usr/lib/python3.8/http/client.py", line 950, in send
self.connect()
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connection.py", line 187, in connect
conn = self._new_conn()
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connection.py", line 171, in _new_conn
raise NewConnectionError(
urllib3.exceptions.NewConnectionError: <urllib3.connection.HTTPConnection object at 0x7f727e06a940>: Failed to establish a new connection: [Errno 111] Connection refused
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/adapters.py", line 439, in send
resp = conn.urlopen(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/connectionpool.py", line 726, in urlopen
retries = retries.increment(
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/urllib3/util/retry.py", line 446, in increment
raise MaxRetryError(_pool, url, error or ResponseError(cause))
urllib3.exceptions.MaxRetryError: HTTPConnectionPool(host='localhost', port=3000): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f727e06a940>: Failed to establish a new connection: [Errno 111] Connection refused'))
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "brute.py", line 53, in <module>
plugin.attack()
File "/home/dab/codes/mycodes/github_repos/gql_intruder/plugins/dump/dump.py", line 25, in attack
f = requests.post(self.GQL_ENDPOINT, headers=utils.set_request_headers(), json={"query": self.introspection_query})
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 119, in post
return request('post', url, data=data, json=json, **kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 530, in request
resp = self.send(prep, **send_kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/sessions.py", line 643, in send
r = adapter.send(request, **kwargs)
File "/home/dab/codes/mycodes/github_repos/gql_intruder/venv/lib/python3.8/site-packages/requests/adapters.py", line 516, in send
raise ConnectionError(e, request=request)
requests.exceptions.ConnectionError: HTTPConnectionPool(host='localhost', port=3000): Max retries exceeded with url: /graphql (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x7f727e06a940>: Failed to establish a new connection: [Errno 111] Connection refused'))
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.