graphql-security

Here are 24 public repositories matching this topic...

wallarm / gotestwaf

An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

security waf owasp bugbounty web-application-firewall security-tools web-application-security security-testing graphql-security api-security rest-security grpc-security

Updated Jul 31, 2025
Go

doyensec / inql

Star

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

graphql security-audit penetration-testing bugbounty security-scanner burpsuite security-tools burp-extensions graphql-security api-documentation-tool bugbounty-tool

Updated Apr 22, 2026
Kotlin

dolevf / Damn-Vulnerable-GraphQL-Application

Star

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

graphql security penetration-testing vulnerability exploitation graphql-security damn-vulnerable damn-vulnerable-web-application

Updated May 24, 2025
JavaScript

gsmith257-cyber / GraphCrawler

Star

GraphQL automated security testing toolkit

api graphql cybersecurity pentesting automated-testing graphql-api graphql-security api-hacking

Updated Feb 20, 2024
Python

Agent-Field / sec-af

Star

AI-native security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.

python open-source security developer-tools application-security cwe autonomous-agents sarif devsecops ai-agents vulnerability-scanner graphql-security sast ai-security llm agentic-ai agentfield

Updated Apr 6, 2026
Python

networknt / light-graphql-4j

Star

GraphQL implementation based on light-4j

java graphql security relay relayjs graphql-validator graphql-security

Updated May 20, 2026
Java

0xbigshaq / hackmegraph

Star

a vulnerable GraphQL application

graphql graphql-security graphql-lab

Updated Dec 13, 2019
JavaScript

davinerd / gql_intruder

Star

A plugin based GraphQL vulnerability assessment tool.

graphql python3 pentest-tool graphql-security

Updated Jan 10, 2021
Python

nknaman5121a / GQLMap-

Star

Automated GraphQL pentest and fuzzing tool for bug bounty hunting and security research.

automation recon bugbounty pentest-tool cli-tool graphql-security security-research graphql-injection graphql-fuzzer

Updated Jul 9, 2025
Python

CYBWithFlourish / GraphqlNomad

Star

An integrated tool to detect, fingerprint, and explore GraphQL endpoints.

python graphql cli automation owasp cybersecurity bug-bounty fingerprinting security-scanner reconnaissance graphql-security api-security red-teaming pentesting-tools bug-bounty-tools

Updated Jan 18, 2026
Python

FortressCommunity / FortressWAF

Star

FortressWAF - Self-Hosted WAF & API Security Gateway. Enterprise Web Application Firewall with ML-powered threat detection, GraphQL/WebSocket/mTLS inspection, hot-reload config, SIEM export, and real-time detection. Built from scratch in Go.

go security rate-limiting waf owasp reverse-proxy siem web-application-firewall graphql-security ml-security

Updated May 26, 2026
Go

sentient-zero / GQLHound

Star

Burp Suite extension for passive GraphQL reconnaissance. Catalogs operations from proxy traffic, tracks variable shapes with sample values, stores original requests per signature, and sends to Intruder with auto-marked payload positions. Supports status triage, export/import for session persistence, and batched mutation detection.

Updated Mar 16, 2026
Java

GihanIT / Phantom-Crawler

Star

A lightweight, multi-threaded web application reconnaissance and security testing tool. Features include crawling, JavaScript analysis, secret detection, GraphQL probing, JWT analysis, security header checks, and XSS fuzzing, with JSON and HTML reporting. For authorized security testing only (MIT License)

python open-source penetration-testing web-security hacktoberfest security-scanner security-tools xss-testing reconnaissance graphql-security hacktoberfest-accepted jwt-analysis

Updated Oct 14, 2025
Python

muzuix / GraphQL-Pentest-Checklist-2026

Star

Advanced GraphQL penetration testing checklist — covering introspection, auth bypass, injection, DoS, SSRF, subscription attacks & more. Built for security engineers & bug bounty hunters. 🔥

graphql security owasp penetration-testing vulnerability infosec bugbounty appsec graphql-api ethical-hacking security-checklist graphql-security redteaming api-security graphql-pentesting

Updated Apr 25, 2026

sl4x0 / my-graphql-security-study

Star

graphql bug-bounty graphql-security graphql-pentesting

Updated Aug 4, 2024

Agrentuml / apka-P

Star

Extract GraphQL schema from Android APKs — when introspection is disabled

graphql security reverse-engineering apk bug-bounty pentesting android-security mobile-security security-tools graphql-security apk-analysis pentesting-tools pentesting-tool reverse-engineering-tools apollo-kotlin apk-security

Updated Apr 29, 2026
Python

eugenicum / supabase-audit

Star

Black-box pentest + architecture auditor for Supabase. Real attacks against RLS, RPC, storage, GraphQL, Realtime, JWT, edge functions — not pattern matching.