
Graphw00F – GraphQL fingerprinting tool for GQL endpoints

Last Updated : 04 Jan, 2022

Graphw00F is a free and open-source tool, available on GitHub, for fingerprinting GraphQL server engines: it finds the technology running behind a GraphQL endpoint. Graphw00F is written in Python, so you must have Python installed on your Kali Linux operating system in order to use it. The tool was developed by taking inspiration from a famous tool called wafw00f. Graphw00F covers 9 GraphQL engines, and all 9 engines work as modules for the tool.

Graphw00F sends benign and malformed queries to determine which GraphQL engine is running behind the domain, and it handles the response to each query individually. It provides the necessary information about the security defenses running behind the domain and can identify whether any firewall or security mechanism is activated on a network. Graphw00F can filter out all the GQL endpoints and fingerprints. This type of reconnaissance is useful in the early stages of pentesting, and security researchers also use the tool to perform reconnaissance across a network in organizations. Graphw00F is one of the best tools for auditing GQL endpoints. Installation and a step-by-step tutorial of the tool are given below.

Installation

Step 1: Use the following command to install the tool from GitHub.

git clone https://github.com/dolevf/graphw00f.git

Step 2: Now use the following command to move into the directory of the tool.

cd graphw00f
ls

Step 3: The tool has been installed successfully. Now use the following command to run the tool and display its help menu.

python3 main.py -h

The tool is running successfully. Now we will look at examples of how to use it.

Usage

Example 1: Use the graphw00f tool to check whether GraphQL is available at a domain.

python3 main.py -f -d -t <domain>

Here the tool is checking for a GraphQL endpoint behind the domain.

Example 2: Use the graphw00f tool to check whether GraphQL is available at a domain.

python3 main.py -f -d -t <domain>

Here the tool is checking for a GraphQL endpoint behind the domain. Similarly, you can refer to the above example to find the GraphQL endpoint of a domain. These GraphQL endpoints are useful in the early stages of pentesting.
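
The introduction notes that Graphw00F sends benign and malformed queries to an endpoint. The following sketch shows how that pattern can be spotted in server-side request logs; it is an added example, not part of the original article or of Graphw00F. The log format, the field names (ts, client, path, gql_errors) and both thresholds are assumptions made for illustration.

```python
import json
from collections import defaultdict

# Constructed sample log: one JSON object per GraphQL request (not real traffic).
# "gql_errors" is the number of entries in the response's "errors" array.
SAMPLE_LOG = """\
{"ts": 90,   "client": "203.0.113.20", "path": "/graphql", "gql_errors": 0}
{"ts": 100,  "client": "198.51.100.7", "path": "/graphql", "gql_errors": 0}
{"ts": 101,  "client": "198.51.100.7", "path": "/graphql", "gql_errors": 1}
{"ts": 102,  "client": "198.51.100.7", "path": "/graphql", "gql_errors": 1}
{"ts": 103,  "client": "198.51.100.7", "path": "/graphql", "gql_errors": 2}
{"ts": 104,  "client": "198.51.100.7", "path": "/graphql", "gql_errors": 1}
{"ts": 150,  "client": "203.0.113.20", "path": "/graphql", "gql_errors": 0}
{"ts": 400,  "client": "203.0.113.20", "path": "/graphql", "gql_errors": 1}
this line is not JSON and is skipped
{"ts": 10,   "client": "192.0.2.33",   "path": "/graphql", "gql_errors": 1}
{"ts": 500,  "client": "192.0.2.33",   "path": "/graphql", "gql_errors": 1}
{"ts": 1000, "client": "192.0.2.33",   "path": "/graphql", "gql_errors": 1}
{"ts": 1001, "client": "192.0.2.33",   "path": "/graphql", "gql_errors": 0}
"""

WINDOW_SECONDS = 60  # assumption: probe queries arrive in a short burst
MIN_ERRORED = 3      # assumption: errored queries in one window needed to flag

def find_probing_clients(log_text, window=WINDOW_SECONDS, min_errored=MIN_ERRORED):
    """Return {client: (ok_count, errored_count)} for clients that mix benign
    and errored GraphQL queries inside any `window`-second span."""
    by_client = defaultdict(list)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            by_client[rec["client"]].append((int(rec["ts"]), int(rec["gql_errors"]) > 0))
        except (ValueError, KeyError, TypeError):
            continue  # ignore blank or malformed log lines
    flagged = {}
    for client, events in by_client.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until the span fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            errored = sum(1 for _, bad in span if bad)
            ok = len(span) - errored
            if errored >= min_errored and ok >= 1:
                if errored > flagged.get(client, (0, 0))[1]:
                    flagged[client] = (ok, errored)  # keep the densest burst
    return flagged

if __name__ == "__main__":
    print(find_probing_clients(SAMPLE_LOG))
```

Clients with an occasional failed query, or with errors spread over a long period, stay below the thresholds; tune both values against your own baseline traffic.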

