GraphQL

Videos

• GraphQL Video - InsiderPhd

• REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure - LevelUp 0x05

Blogs

• Exploit GraphQL - Yeswehack Blog

• Hacking GraphQL - Part 1 Part 2

• That single GraphQL issue that you keep missing by Doyensec

• Reverse engineer a GraphQL API

• Exploiting GraphQL by Assetnote

• GraphQL Resources Thread by HolyBugx

• GraphQL Test Cases

Tools

• GraphQL Voyager

• GraphQL Cheatsheet

• AutoGraphQL - Demo Video

• graphw00f - GraphQL Server Engine Fingerprinting utility to learn more about what technology is behind a given GraphQL endpoint

• InQL - Introspection GraphQL Scanner - A security testing tool to facilitate GraphQL technology security auditing efforts

• Graphicator is a GraphQL "scraper" / extractor

Labs

• Damn-Vulnerable-GraphQL-Application - Github