GraphCrawler
GraphQL automated security testing toolkit (by gsmith257-cyber)
inql
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration. (by doyensec)
| | GraphCrawler | inql |
|---|---|---|
| Mentions | 7 | 3 |
| Stars | 288 | 1,474 |
| Growth | - | 2.3% |
| Activity | 3.4 | 4.2 |
| | 3 months ago | about 1 month ago |
| Language | Python | Python |
| License | MIT License | Apache License 2.0 |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
GraphCrawler
Posts with mentions or reviews of GraphCrawler.
We have used some of these posts to build our list of alternatives and similar projects.
- GraphCrawler: GraphQL automated security testing toolkit
- BIG update out for GraphCrawler - GraphQL automated security testing.
  You all loved it before but it just got better. Now in version 1.2 just point GraphCrawler at a domain and it will search for subdomains and then GraphQL endpoints on those subdomains for you! After that it will run just like before and do a security assessment on each one. It literally does it all for you now. Check it out! GraphCrawler
- Automated toolkit for testing GraphQL endpoints.
  Hey everyone, for y’all interested in GraphQL security I’ve released a big update to my tool GraphCrawler. It will do literally everything for you when checking out an endpoint for misconfigurations and exposures. Hope y’all like it! And if you do plz star it! GraphCrawler
- Best GraphQL pentesting tool
  Just released my biggest update yet for GraphCrawler! It is now the most powerful GraphQL endpoint security tool out there and I’m working on making it better. Please give it a star if you like it. I hope it makes y’all’s lives easier GraphCrawler
- New GraphQL pentest tool
  Hey, I just released a new version of GraphCrawler and this new version combines it with Clairvoyance and GraphQL-path-enum, to make it the most powerful GraphQL endpoint security tool. If there is anything for a foothold it will find it and help you exploit it by giving you attack paths. Give it a look here: GraphCrawler
- Pentesting and bug bounty tool for GraphQL
  Hey again, I posted about this tool before but there’s been a pretty big update to it and now it includes Clairvoyance and graphql-path-enum built into it. It is the all in one GraphQL pentesting tool. Hope y’all enjoy! GraphCrawler
- GraphQL Automated Vulnerability Scanner
inql
Posts with mentions or reviews of inql.
We have used some of these posts to build our list of alternatives and similar projects.
- /r/netsec's Q4 2022 Information Security Hiring Thread
  ABOUT US: At Doyensec https://doyensec.com/ , we believe that quality is the natural product of passion and care. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security. Our clients are some of the global brands in the tech and startup communities. We help them secure their software and systems by providing information security consulting services (pentesting, reverse engineering, product security design and auditing). We keep a small dedicated client base and expect to develop long term working relationships with the projects and people with whom we work. We are looking for a highly experienced security engineer to join our consulting team. We perform gray-box security testing on complex web and mobile applications. We need someone who has proven testing skills across multiple languages and environments and can hit the ground running. If you're good at crawling around in the ventilation ducts of the world's most popular and important applications, you probably have the right skillset for the job. Experience developing code and tools is highly desirable, along with the ability to support the growth of fellow engineers. We offer a competitive salary in a supportive and dynamic environment that rewards hard work and talent. We are dedicated to providing research-driven application security and therefore invest 25% of your time exclusively to research, where we build security testing tools, discover new attack techniques, and develop countermeasures.
  RESPONSIBILITIES:
  - Security testing of web, mobile (iOS, Android) applications
  - Vulnerability research activities, coordinated and executed with Doyensec's founders
  - Partnering with customers to ensure the project's objectives are achieved
  - Leading projects and supporting engineer growth
  - Conduct cloud based audits on popular cloud platforms
  - Provide support and guidance for clients concerning app and cloud security configuration, hardening and industry best practices
- /r/netsec's Q3 2022 Information Security Hiring Thread
  100% Remote (US-Europe candidates only) At Doyensec (https://doyensec.com/), we believe that quality is the natural product of passion and care. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security. Our clients are some of the global brands in the tech and startup communities. We help them secure their software and systems by providing information security consulting services (pentesting, reverse engineering, product security design and auditing). We keep a small dedicated client base and expect to develop long term working relationships with the projects and people with whom we work. We are looking for a highly experienced Cloud Security Engineer to join our team. We perform white-box security testing on complex cloud infrastructures. We need someone who has a strong interest in auditing and researching multiple cloud platforms and environments and can hit the ground running. We offer a competitive salary in a supportive and dynamic environment that rewards hard work and talent. We are dedicated to providing research-driven application security and therefore invest 25% of your time exclusively in R&D, where we build security testing tools, discover new attack techniques and develop exploits.
  Responsibilities:
  - Conduct cloud based audits on popular web platforms and applications
  - Research new class of attacks affecting containerized environments
  - Provide support and guidance for clients concerning cloud security configuration, hardening and industry best practices
  - Shape the internal methodology and tooling adopted by all team members during our cloud security engagements

  Requirements:
  - Ability to discover, document and fix misconfigurations in cloud environments
  - Strong security foundation on AWS security (must-have) and GCP/Azure (nice-to-have)
  - Good understanding of Kubernetes, Docker and many other container technologies
  - Familiarity with standard cloud security testing tools: Scout Suite, CloudSploit, Forseti Security, kube-bench and others
  - You’re passionate about understanding complex environments
  - Eager to learn, adapt, and perfect your work

  We offer:
  - Remote work, with flexible hours
  - Competitive salary with shared research revenue
  - Startup atmosphere
  - 25% R&D time (really!)
  - Access to high-visibility security testing efforts for leading tech companies
  - Possibility to attend and present at various security conferences around the globe
- doyensec/inql - InQL - A Burp Extension for GraphQL Security Testing
What are some alternatives?
When comparing GraphCrawler and inql you can also consider the following projects:
HackBar - HackBar plugin for Burpsuite
Reconnoitre - A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
golang-tls - Simple Golang HTTPS/TLS Examples
burp-copy-as-ffuf - Burp Extension that copies a request and builds a FFUF skeleton
Burp2Malleable - Quick python utility I wrote to turn HTTP requests from burp suite into Cobalt Strike Malleable C2 profiles
bandit - Bandit is a tool designed to find common security issues in Python code.
kubestriker - A Blazing fast Security Auditing tool for Kubernetes