GraphQL penetration testing toolkit.
Authorized security testing only. Use against targets without prior written consent from the owner is illegal.
- Fingerprinting — identifies 18 GraphQL engines (Apollo, Hasura, HotChocolate, Dgraph, graphql-ruby, Directus, …) from error patterns, headers, and URL hints
- Recon — introspection, 8 introspection-bypass techniques, schema analysis, generic Relay dump with auto-detection, hidden-field enumeration, field suggestions (Clairvoyance-lite)
- Protocol attacks — CSRF (GET / text/plain / form-encoded / CORS), Apollo Federation SDL dump + _entities ACL bypass, Automatic Persisted Queries abuse, WebSocket subscription auth & Origin bypass
- Injection — SQL (error-based, time-based blind, UNION, blind extraction) and NoSQL (operators, auth bypass, blind $regex)
- Other — generic IDOR on any mutation, SSRF (AWS/GCP/Azure metadata + localhost), batching brute-force, DoS-protection probing with configurable ceilings
Smart selection is active by default: the tool fingerprints the engine and augments your checks with engine-appropriate safe probes. Pass --no-smart to disable, or --all to run every safe check.
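The defender's counterpart to several of the checks listed above is to recognise them in your own request logs. The following is an added example, not part of GraphQLMap-ng and not the tool's own logic: it classifies GraphQL request bodies into the attack classes named in this README (introspection, Federation SDL/_entities dump, batching brute-force, deep-nesting DoS probes). The sample bodies are constructed for the example, and the batch and depth thresholds are assumed values, not limits any engine enforces by default.

```python
import json
import re

# Constructed sample request bodies modelled on the attack classes this README
# lists. They are not captured traffic from any real target.
SAMPLE_REQUESTS = [
    # ordinary query: should produce no findings
    '{"query": "query { me { id name } }"}',
    # introspection, with a newline between the keyword and the brace
    '{"query": "{ __schema\\n { types { name } } }"}',
    # Apollo Federation SDL dump via the _service field
    '{"query": "{ _service { sdl } }"}',
    # batched login attempts: many operations inside one HTTP request
    json.dumps(
        [{"query": "mutation { login(user:\"a\", pass:\"p%d\") { token } }" % i}
         for i in range(25)]
    ),
    # deeply nested selection set probing for a missing depth limit
    '{"query": "{ a { b { c { d { e { f { g { h { i { j { k { id } } } } } } } } } } } }"}',
]

# __schema / __type are the introspection roots; _service { sdl } and
# _entities( are the Federation subgraph entry points.
INTROSPECTION_RE = re.compile(r"__(?:schema|type)\b")
FEDERATION_RE = re.compile(r"\b(?:_service\s*\{\s*sdl|_entities\s*\()")


def query_depth(query: str) -> int:
    """Maximum brace nesting of a query (rough: ignores braces inside string literals)."""
    depth = max_depth = 0
    for ch in query:
        if ch == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == "}":
            depth -= 1
    return max_depth


def classify_request(body: str, batch_limit: int = 10, depth_limit: int = 8) -> list[str]:
    """Return sorted, de-duplicated findings for one request body.

    batch_limit and depth_limit are assumed thresholds for this example; tune
    them to what your schema legitimately needs.
    """
    findings: set[str] = set()
    try:
        payload = json.loads(body)
    except json.JSONDecodeError:
        return ["malformed-json"]

    # A JSON array body is a batched request: one HTTP request, many operations.
    operations = payload if isinstance(payload, list) else [payload]
    if len(operations) > batch_limit:
        findings.add(f"batching:{len(operations)}-operations")

    for op in operations:
        query = (op.get("query") if isinstance(op, dict) else None) or ""
        if INTROSPECTION_RE.search(query):
            findings.add("introspection")
        if FEDERATION_RE.search(query):
            findings.add("federation-sdl-or-entities")
        depth = query_depth(query)
        if depth > depth_limit:
            findings.add(f"deep-nesting:{depth}")
    return sorted(findings)


def scan_log(bodies: list[str]) -> dict[int, list[str]]:
    """Map the index of each flagged body to its findings; clean bodies are omitted."""
    results = {}
    for i, body in enumerate(bodies):
        findings = classify_request(body)
        if findings:
            results[i] = findings
    return results


if __name__ == "__main__":
    for index, findings in scan_log(SAMPLE_REQUESTS).items():
        print(f"request {index}: {', '.join(findings)}")
```

The depth counter is deliberately crude: a brace inside a string argument would inflate the count, so treat its output as a triage signal and leave hard enforcement to the engine's own query-depth and batch limits.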
| CVE | Framework | CVSS | Impact |
|---|---|---|---|
| CVE-2021-47748 | Hasura | 9.3 | RCE via COPY FROM PROGRAM |
| CVE-2026-34976 | Dgraph | 10.0 | restoreTenant SSRF (unauthenticated) |
| CVE-2025-27407 | graphql-ruby | 9.1 | RCE via Schema.from_introspection |
| CVE-2022-46792 | Hasura | 9.1 | Update-Many row-level security bypass |
| CVE-2024-37843 | Craft CMS | 8.8 | SQL injection via GraphQL API |
| CVE-2023-27588 | Hasura | 7.5 | Unauthenticated path traversal |
| CVE-2025-64530 | Apollo Federation | 7.5 | Interface @authenticated directive bypass |
| CVE-2026-35413 | Directus | 5.3 | Introspection bypass via /graphql/system |
| CVE-2021-4191 | GitLab | 5.3 | Unauthenticated user enumeration |
| — | gqlgen / async-graphql / graphql-go | — | Directive overload / recursive fragment DoS |
--check-cve runs safe probes. --check-cve-rce runs destructive exploit confirmations (requires --destructive-methods).
```sh
pipx install git+https://github.com/Blatzy/GraphQLMap-ng.git
```

Requires Python ≥ 3.11.

```sh
graphqlmap-ng -u https://target/graphql --all
graphqlmap-ng --help
```

Destructive flags (--live, --ssrf, --sqli-extract, --check-cve-rce, --nosqli-auth-bypass, --batch-brute, --dos-detect) refuse to run unless --destructive-methods is also passed.
- MODULES.md — every flag, module, and output file
- CHANGELOG.md — release notes
- IMPROVEMENTS.md — deferred work
MIT