Releases: omar2535/GraphQLer

V2.3.6

04 Nov 02:09

🔍Implemented detections!

User-facing changes

  • Add introspection detection
  • Add field suggestions detection
  • Add HTML/XSS/SQLi/File/SSRF detections
  • Add OS command injection detections
  • Add deny-list bypass detections
  • Add easier stats parsing
  • Add detection logging for easier access
  • Add SKIP_NODES option to the configuration to skip any nodes that might be causing issues on the API (e.g. slow endpoints)


Developer changes

  • Moved materializer of each detection into detection classes
  • Stats parsing now parses vulnerabilities as well
  • Added a general abstract detection class for detections to extend
  • Fix duplicate logging by checking logger handlers before initialization
  • Fix materializer check for soft dependencies

V2.2.2

17 Oct 03:45
458e71f

Objects bucket refactor

  • Can now keep track of all scalars seen
  • Keeps track of all fields of objects seen

General

  • Improved error handling & object bucket printing
  • Checking max-depth on inputs for materializer
  • Bug fix on max-depth of materializer in inputs not being used
  • Bug fix stats not correctly giving back proper error codes
  • Remove noise in fuzzer.log during normal usage (still available in DEBUG mode)

V2.2.0

30 Sep 18:59
  • SQLI testing
  • Batch query/mutation testing
  • Bug fixes on error handling

V2.1.9

26 Jul 12:57

What's Changed

  • Add support for args in fields
  • Fix bugs in logging during retries
  • Add re-trier functionality on NON_NULL fields of objects
  • Add INTERFACE support

V2.1.5

15 Jul 00:29
820c165
  • Refactor a lot of materializer code
  • Add UNION type support
  • Add DEBUG support

V2.1.3

02 Jul 23:35

Features

  • IDOR checking
  • Packaged GraphQLer as a pip package
  • Bug fixes
  • Improved logging for compiler and found objects
  • Support for a TOML config file
  • Use --mode to combine --compile, --fuzz, --run
  • Add --version flag
  • Add container to run GraphQLer in docker
  • Add proxy support
  • Add custom headers

V1.0

21 Oct 21:57

GraphQLer V1.0

GraphQLer is the first ever dependency-aware GraphQL testing tool, used to test your GraphQL API for any bugs or errors that may come from chaining your queries and mutations together! It features a dependency graph for you to inspect, outputs for you to review, and is also extensible for anyone who wants their own custom testing suite!

Features

  • Testing queries and mutations
  • Chaining object IDs to be used in other queries and mutations
  • Creating a dependency graph
  • Statistics & Logging
  • Error handling

Original GraphQLer

27 Sep 03:16
354349e

This version is based on the research conducted in 2021