A Python tool designed to automatically detect GraphQL endpoints and check for GraphQL introspection on a given base URL. Utilizing concurrent requests, this script efficiently scans a predefined list of common endpoint paths, identifies active GraphQL endpoints, and checks whether GraphQL introspection is enabled, optionally opening the GraphQL-Voyager web interface for further exploration.
- Concurrently checks a list of potential GraphQL endpoints against a specified base URL.
- Detects enabled GraphQL introspection on found endpoints.
- Supports verbose output for detailed operation insights.
- Optionally opens the GraphQL-Voyager website for endpoints with introspection enabled, facilitating schema exploration.
This project requires Python 3. Install the necessary Python packages by running:
pip install -r requirements.txt

The script is designed to help identify GraphQL endpoints within a given base URL and determine if introspection is enabled. It performs HTTP requests to various endpoint paths and analyzes the responses to identify GraphQL endpoints and their introspection status.
- Checks for GraphQL endpoints based on common paths.
- Verifies introspection status of identified GraphQL endpoints.
- Supports multi-threaded execution for faster scanning.
- Provides verbose output for detailed analysis.
- Saves GraphQL schema information to files.
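
The response analysis described above can be illustrated offline. This is an added example, not code from check.py: the function names, verdict labels, paths and sample bodies are constructed assumptions, and it classifies a response body to a minimal introspection query without sending any requests.

```python
import json

# Minimal introspection probe; __schema is defined by the GraphQL spec.
INTROSPECTION_QUERY = "{ __schema { types { name } } }"


def classify_body(body):
    """Classify the response body returned for INTROSPECTION_QUERY.

    Returns (verdict, app_types). Only the body is inspected because
    HTTP status codes for GraphQL errors vary between servers.
    """
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return "not_graphql", []
    if not isinstance(doc, dict):
        return "not_graphql", []

    data = doc.get("data")
    schema = data.get("__schema") if isinstance(data, dict) else None
    if isinstance(schema, dict) and isinstance(schema.get("types"), list):
        names = [t.get("name") for t in schema["types"] if isinstance(t, dict)]
        # Names starting with "__" are the spec's own introspection types.
        app = [n for n in names if isinstance(n, str) and not n.startswith("__")]
        return "introspection_enabled", app

    # Heuristic: a GraphQL error envelope is a non-empty list of objects
    # carrying "message"; other JSON APIs may look the same.
    errors = doc.get("errors")
    if isinstance(errors, list) and errors and all(
            isinstance(e, dict) and "message" in e for e in errors):
        return "graphql_no_introspection", []
    return "not_graphql", []


# Constructed sample bodies (not captured from any real server).
SAMPLES = {
    "/graphql": '{"data":{"__schema":{"types":[{"name":"Query"},'
                '{"name":"User"},{"name":"__Schema"}]}}}',
    "/api/graphql": '{"errors":[{"message":"introspection is disabled"}]}',
    "/v1": "<html><body>404 Not Found</body></html>",
}


def scan_samples(samples=SAMPLES):
    return {path: classify_body(body) for path, body in samples.items()}


if __name__ == "__main__":
    for path, (verdict, types) in scan_samples().items():
        print(f"{path:14} {verdict:26} {', '.join(types)}")
```

An `introspection_enabled` verdict with application type names means the schema is readable by any client that can reach the endpoint, which is the condition the tool reports.
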
python3 check.py <base_url> [-v] [-t <threads>]
Options
- base_url: The base URL to check for GraphQL endpoints.
- -v, --verbose: Increase output verbosity.
- -t, --threads: Number of threads to use for concurrent requests (default: 10).