An open-source project in Golang to asess different API Security tools and WAF for detection logic and bypasses

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

Damn Vulnerable GraphQL Application is an intentionally vulnerable GraphQL service implementation designed for learning about and practising GraphQL Security.

GraphQL automated security testing toolkit

GraphQL implementation based on light-4j

AI-native security auditor on AgentField that proves exploitability with verdicts, traces, and actionable evidence.

a vulnerable GraphQL application

A plugin based GraphQL vulnerability assessment tool.

Automated GraphQL pentest and fuzzing tool for bug bounty hunting and security research.

An integrated tool to detect, fingerprint, and explore GraphQL endpoints.

A lightweight, multi-threaded web application reconnaissance and security testing tool. Features include crawling, JavaScript analysis, secret detection, GraphQL probing, JWT analysis, security header checks, and XSS fuzzing, with JSON and HTML reporting. For authorized security testing only (MIT License)

Burp Suite extension for passive GraphQL reconnaissance. Catalogs operations from proxy traffic, tracks variable shapes with sample values, stores original requests per signature, and sends to Intruder with auto-marked payload positions. Supports status triage, export/import for session persistence, and batched mutation detection.

Comprehensive GraphQL security scanner and runtime shield

Offensive Security & Penetration Testing Handbook

🕵️♂️ Perform robust web security scanning and reconnaissance with PhantomCrawler, designed for researchers and pen testers to enhance application security.

GraphQL Security Project