GraphQL - HowToHunt

Search…

Account Takeover Methodology

Account Takeover Methodology

Application Level DoS

Application Level DoS Methods

Authentication Bypass

Broken-Link Hijacking

Broken-Link Hijacking

Broken Auth And Session Management

Session Based Bugs

CMS

CORS

CSRF

Finding CVEs

CheckList

Web Application Pentesting Checklist

Web Checklist by Chintan Gurjar.pdf

Mindmap by Rohit Gautam

Mindmap by Cristian Cornea

Web Page Source Code Review

Web Page Code Review Tips

EXIF Geo Data Not Stripped

EXIF Geo Data Not Stripped

File Upload Bypass

File Upload Bypass

Find Origin IP

GraphQL

HTTP Desync Attack

Host-Header Attack

HTML-Injection

IDOR

JWT ATTACK

MFA Bypass

Misconfigurations

Default Credential And Admin Panel

OAuth

Open Redirection

Find OpenRedirect Trick

Open Redirection Bypass

Parameter Pollution

Parameter Pollution In Social Sharing Buttons

Password Reset Functionality

Password Reset Token Leakage

Account_Takeover_By_Password_Reset_Functionality

Rate Limit

Rate-Limit Bypass

Recon

Subdomain Enumeration

SQLi

SQL Injection.md

SSRF

SSTI

Sign Up Functionality

Sign Up MindMap

Sensitive Info Leaks

Github Recon Method

Github Dorks All

Shodan CVE Dorks

Status Code Bypass

Status_Code_Bypass Tips

Subdomain Takeover

Subdomain Takeover - Detail Method

Subdomain Takeover - Easy Method

Tabnabbing

WAF Bypasses

WAF Bypass Using Headers

Weak Password Policy

Weak Password Policy

XSS

XXE

Powered By GitBook

GraphQL

Videos
GraphQL Video - InsiderPhd​
​REST in Peace: Abusing GraphQL to Attack Underlying Infrastructure - LevelUp 0x05​
Blogs
Exploit GraphQL - Yeswehack Blog​
Hacking GraphQL - Part 1 Part 2​
​That single GraphQL issue that you keep missing by Doyensec​
​Reverse engineer a GraphQL API​
​Exploiting GraphQL by Assetnote​
​GraphQL Resources Thread by HolyBugx​
Tools
​GraphQL Voyager​
​GraphQL Cheatsheet​
​AutoGraphQL - Demo Video​
​graphw00f - GraphQL Server Engine Fingerprinting utility to learn more about what technology is behind a given GraphQL endpoint -InQL - Introspection GraphQL Scanner - A security testing tool to facilitate GraphQL technology security auditing efforts
Labs
Damn-Vulnerable-GraphQL-Application - Github​

Find Origin IP - Previous

Next - HTTP Desync Attack

Last modified 8mo ago

Copy link

Outline