New features #2
Open
jonyluke wants to merge 30 commits into
Added a README for the GraphQL SQLi Detector script, detailing its functionality, requirements, installation, usage, and output format.
Removed empty code block from README.
Updated installation instructions for clarity.
Updated sqlmap command with level and risk parameters.
Enhanced the GraphQL SQL injection detector by adding schema value extraction and improved parameter handling. Updated the command-line interface and internal logic for better detection and reporting.
Refactor SQLi detector to improve accuracy and reduce false positives. Added new functions for error detection and enhanced payload handling.
Added a new SQL injection payload to the detector.
Expanded the README to provide detailed information about the GraphQL SQL injection detector's capabilities, usage, output, and limitations.
Added crawling feature to extract and reuse outputs as inputs in the SQLi detector. Enhanced command-line flags for configuration.
Updated README.md to enhance clarity and structure, including improvements to the capabilities, output, usage examples, limitations, and extending contributions sections.
Updated README to clarify functionality, usage, and output details of the GraphQL SQL injection detector. Improved descriptions of key capabilities, CLI flags, and limitations.
Refactor sqli_detector.py for improved structure and clarity. Added new functions for evidence handling and adjusted existing logic for better readability.
- Extract shared logic (introspection fetch/bypass, HTTP helpers, colour
output) into a new core/ package to eliminate duplication across the
three original scripts.
- Rename qGen/ → qgen/ (lowercase) for consistency.
- effuzz: add --discover (probe common GraphQL paths + confirm with
{__typename}) and --check-methods (CSRF surface: GET + form-urlencoded
tests); now fuzzes mutations as well as queries.
- qgen: auto-confirm endpoint with {__typename} before introspection;
retry automatically with newline-bypass if standard introspection fails.
- sqli: replace inline header-parsing and colorama boilerplate with
imports from core/; improve CLI validation and help text.
- Add alias_brute/alias_brute.py: alias-based brute-force that batches
N login attempts as GraphQL aliases in a single HTTP request,
bypassing rate limiters that count by HTTP request.
- Replace per-tool READMEs and requirements.txt with a single root
README.md and requirements.txt covering all tools.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
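As an added defensive example (not code from this PR or its tools), the counting a rate limiter needs so that the alias batching described above is charged per attempt rather than per HTTP request: resolve aliases on the root selection set and count how many fields hit a sensitive resolver. The GraphQL document and the `login` field name are constructed assumptions, and the lexer is a minimal one that takes the first top-level `{` as the operation (fragments defined before it are not handled).

```python
import re

# Minimal GraphQL lexer: block strings, strings, comments, spread, names,
# numbers and punctuators. Whitespace and commas are skipped, as in GraphQL.
TOKEN = re.compile(
    r'"""(?:(?!""")[\s\S])*"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.'
    r'|[_A-Za-z][_0-9A-Za-z]*|-?\d+(?:\.\d+)?(?:[eE][+-]?\d+)?|[{}()\[\]:=!$@|&]'
)
NAME = re.compile(r"[_A-Za-z][_0-9A-Za-z]*")
OPEN, CLOSE = {"(", "{", "["}, {")", "}", "]"}


def root_fields(document: str) -> list:
    """Alias-resolved root field names of the first operation in `document`."""
    toks = [t for t in TOKEN.findall(document) if not t.startswith("#")]
    depth, start = 0, None
    for i, t in enumerate(toks):            # locate the operation's selection set
        depth += (t in OPEN) - (t in CLOSE)
        if t == "{" and depth == 1:
            start = i
            break
    if start is None:
        return []
    names, depth, i = [], 1, start + 1
    while i < len(toks) and depth > 0:
        t = toks[i]
        if t in OPEN:
            depth += 1
        elif t in CLOSE:
            depth -= 1
        elif depth == 1 and NAME.fullmatch(t):
            if toks[i - 1] in ("@", "..."):  # directive name or fragment spread
                if t == "on":                # inline fragment: skip type condition
                    i += 1
            elif i + 2 < len(toks) and toks[i + 1] == ":":
                names.append(toks[i + 2])    # alias: the real field follows ':'
                i += 2
            else:
                names.append(t)
        i += 1
    return names


def batched_attempts(document: str, sensitive=("login",)) -> dict:
    """Charge one request carrying N aliased logins as N attempts, not one."""
    counts = {}
    for name in root_fields(document):
        if name in sensitive:
            counts[name] = counts.get(name, 0) + 1
    return counts
```

A limiter that keys on `sum(batched_attempts(doc).values())` instead of the request count closes the per-request counting gap the commit message relies on.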
qgen: remove --introspection FILE, --save-introspection flags; --url is now required.
effuzz: remove --introspection, --save-introspection flags and --discover flag; endpoint auto-discovery now runs automatically whenever the given URL does not respond as GraphQL.
sqli: fix hardcoded Query type name, NULL_ON_ATTACK field comparison, inconsistent sqlmap commands, backslash fallback; add Oracle/MSSQL/SQLAlchemy/sqlite3 error signatures, data- field SQL error scanning, skip-fallback optimisation, O(1) type_map lookup, and _collect_key_roles helper.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Remove references to --introspection, --save/no-save-introspection, and --discover. Document that qgen --url is now required, and that effuzz auto-discovers the endpoint whenever the provided URL doesn't respond as GraphQL.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…truction
core/introspection.py:
- Add INTROSPECTION_QUERY_LOCATIONS (Burp-style 'locations' form) and INTROSPECTION_QUERY_ON_STAR (deprecated on*/onFragment form) as query variants
- fetch_with_bypass now tries all combinations of 3 query forms × 7 __schema whitespace/comment bypass variants (newline, double-space, tab, comment #, compact, double-newline) × 3 HTTP methods (POST JSON, GET, POST form-urlencoded)
- Add reconstruct_schema_from_errors(): when introspection is fully blocked, discovers fields via "Did you mean X?" suggestions from bogus probes, wordlist batching, and required-arg extraction from type error messages
qgen / effuzz / sqli: fall back to reconstruct_schema_from_errors when all fetch_with_bypass strategies fail; log the strategy used when it's non-trivial
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
core/introspection.py:
- Remove INTROSPECTION_BYPASS_QUERY (unused constant)
- Remove save_to_file and load_from_file (nothing calls them after --introspection removal)
- Make fetch_introspection private (implementation detail of fetch_with_bypass)
- Reorder strategy list: iterate bypass-variant first, then query form — detects a wrong query form after 3 requests instead of 21
- Return "normal" (not "post-json") for the plain POST success case
qgen: remove _confirm_endpoint() — redundant pre-flight before fetch_with_bypass
qgen / effuzz / sqli: unify strategy display check to != "normal"
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add 'Introspection bypass' section explaining the 21-strategy POST chain (3 query forms × 7 __schema variants), GET/form-urlencoded fallbacks, and error-based schema reconstruction
- Fix qgen section: remove stale pre-flight confirmation text and update example session output to match current behaviour
- Fix project structure comment for core/introspection.py
- Remove stale '--discover' reference from recommended workflow
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…idence display
- core/introspection.py: add GRAPHQL_PATHS, ping(), find_graphql_endpoint()
- effuzz: remove duplicate _get_typename; discover_endpoint uses core_intro.GRAPHQL_PATHS + core_intro.ping
- sqli: auto-discover endpoint if fetch_with_bypass fails; show evidence_type in summary; fix severity thresholds (0.75/0.45 instead of unreachable 0.9)
- qgen/alias_brute: remove try/except ImportError for requests
- README: reflect all changes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
No description provided.