Other Script7
Other Script7
/usr/bin/python
import argparse
import json
import requests
cmdlist = [
"exit",
"help",
"dump_old",
"dump_new",
"postgresqli",
"mysqli",
"mssqli",
"nosqli",
"mutation",
"edges",
"node",
"$regex",
"$ne",
"__schema",
]
def jq(data):
return json.dumps(data, indent=4, sort_keys=True)
def parse_args():
parser = argparse.ArgumentParser()
parser.add_argument(
"-u",
action="store",
dest="url",
help="URL to query : example.com/graphql?query={}",
)
parser.add_argument(
"-v",
action="store",
dest="verbosity",
help="Enable verbosity",
nargs="?",
const=True,
)
parser.add_argument(
"--method",
action="store",
dest="method",
help="HTTP Method to use interact with /graphql endpoint",
nargs="?",
const=True,
default="GET",
)
parser.add_argument(
"--headers",
action="store",
dest="headers",
help="HTTP Headers sent to /graphql endpoint",
nargs="?",
const=True,
type=str,
)
parser.add_argument(
"--json",
action="store",
dest="use_json",
help="Use JSON encoding, implies POST",
nargs="?",
const=True,
type=bool,
)
results = parser.parse_args()
if results.url is None:
parser.print_help()
exit()
return results
def display_help():
print("[+] \033[92mdump_old \033[0m: dump GraphQL schema
(fragment+FullType)")
print("[+] \033[92mdump_new \033[0m: dump GraphQL schema
(IntrospectionQuery)")
print(
"[+] \033[92mnosqli \033[0m: exploit a nosql injection inside a
GraphQL query"
)
print(
"[+] \033[92mpostgresqli \033[0m: exploit a sql injection inside a GraphQL
query"
)
print(
"[+] \033[92mysqli \033[0m: exploit a sql injection inside a GraphQL
query"
)
print(
"[+] \033[92mssqli \033[0m: exploit a sql injection inside a GraphQL
query"
)
print("[+] \033[92mexit \033[0m: gracefully exit the application")