Convert Figma logo to code with AI

doyensec logoinql

InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.

1,615
165
1,615
31
View on GitHub

Top Related Projects

nikitastupin's avatar

clairvoyance

1,169

Obtain GraphQL API schema even if the introspection is disabled

swisskyrepo's avatar

GraphQLmap

1,478

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

graphql's avatar

graphql-playground

8,817

🎮 GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)

Quick Overview

InQL is a Burp Suite extension for GraphQL security testing. It allows security researchers to easily detect and exploit common vulnerabilities in GraphQL implementations, providing features like schema introspection, query generation, and custom query tampering.

Pros

  • Seamless integration with Burp Suite for efficient GraphQL testing
  • Automatic schema detection and query generation capabilities
  • Supports custom query tampering and mutation fuzzing
  • Provides a user-friendly interface for exploring GraphQL schemas

Cons

  • Limited to Burp Suite environment, not standalone
  • May require manual analysis for complex GraphQL implementations
  • Learning curve for users unfamiliar with GraphQL concepts
  • Potential for false positives in certain scenarios

Getting Started

  1. Download the latest InQL jar file from the releases page.
  2. Open Burp Suite and navigate to the Extender tab.
  3. Click on "Add" and select the downloaded InQL jar file.
  4. Once loaded, the InQL tab will appear in Burp Suite.
  5. To use InQL, send a request to a GraphQL endpoint and right-click to select "Send to InQL" or use the InQL tab directly.
# Example usage in Burp Suite

1. Intercept a GraphQL request
2. Right-click and select "Send to InQL"
3. In the InQL tab, click "Introspect" to retrieve the schema
4. Use the generated queries and mutations for testing
5. Modify queries using the "Tampering" feature for custom payloads

Competitor Comparisons

nikitastupin logo

clairvoyance

1,169

Obtain GraphQL API schema even if the introspection is disabled

Pros of Clairvoyance

  • Focuses specifically on GraphQL introspection and schema analysis
  • Provides a command-line interface for easy integration into automated workflows
  • Offers detailed output options, including JSON and GraphViz DOT formats

Cons of Clairvoyance

  • Less comprehensive feature set compared to InQL
  • May require more manual analysis and interpretation of results
  • Limited GUI options for visualizing schema relationships

Code Comparison

InQL (Burp Suite extension):

def process_query(self, query):
    parsed = parse(query)
    for definition in parsed.definitions:
        if isinstance(definition, OperationDefinition):
            self.process_operation(definition)

Clairvoyance (CLI tool):

def introspect(url, headers=None, timeout=10):
    introspection_query = get_introspection_query()
    response = requests.post(url, json={'query': introspection_query}, headers=headers, timeout=timeout)
    return response.json()['data']

Both tools aim to analyze GraphQL schemas, but InQL is more integrated into Burp Suite for security testing, while Clairvoyance provides a standalone CLI tool for schema analysis and visualization.

swisskyrepo logo

GraphQLmap

1,478

GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)

Pros of GraphQLmap

  • Lightweight and easy to use from the command line
  • Focuses on specific GraphQL vulnerabilities like IDOR and SQL injection
  • Includes a built-in fuzzing feature for testing various inputs

Cons of GraphQLmap

  • Less comprehensive in terms of overall GraphQL security testing
  • Limited visualization capabilities compared to InQL's Burp Suite integration
  • Lacks advanced features like custom query generation and schema analysis

Code Comparison

GraphQLmap:

def fuzz_field(self, field):
    fuzz_vectors = ["'", "\"", "`", "\\", "/", "*", "-", "+", "!"]
    for vector in fuzz_vectors:
        yield field + vector

InQL:

def generate_queries(self, schema):
    for type_name, type_object in schema.types.items():
        if isinstance(type_object, GraphQLObjectType):
            yield self._generate_query_for_type(type_name, type_object)

GraphQLmap focuses on fuzzing individual fields, while InQL generates comprehensive queries based on the entire schema structure. This reflects their different approaches to GraphQL security testing, with GraphQLmap targeting specific vulnerabilities and InQL providing a more holistic analysis.

graphql logo

graphql-playground

8,817

🎮 GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration)

Pros of GraphQL Playground

  • User-friendly GUI for exploring and testing GraphQL APIs
  • Supports multiple tabs for working with different queries simultaneously
  • Includes features like schema documentation and query history

Cons of GraphQL Playground

  • Primarily focused on API exploration and testing, not security analysis
  • Less specialized for identifying potential GraphQL vulnerabilities
  • May not provide detailed security-related insights for penetration testing

Code Comparison

GraphQL Playground (JavaScript):

import { GraphQLPlayground } from 'graphql-playground-react'

ReactDOM.render(
  <GraphQLPlayground endpoint="https://api.example.com/graphql" />,
  document.body
)

InQL (Python):

from inql.widgets.tab import Tab
from inql.actions.send import SendAction

tab = Tab(burp)
send_action = SendAction(tab)
send_action.send_to_repeater(query, variables)

Summary

GraphQL Playground is a versatile tool for API exploration and testing, offering a user-friendly interface and features like schema documentation. However, it lacks specialized security analysis capabilities. InQL, on the other hand, is tailored for security testing and vulnerability assessment in GraphQL APIs, integrating with Burp Suite for more comprehensive penetration testing. The choice between these tools depends on whether the primary focus is API exploration or security analysis.

Convert Figma logo designs to code with AI

Visual Copilot

Introducing Visual Copilot: A new AI model to turn Figma designs to high quality code using your components.

Try Visual Copilot

README

InQL v6.0 - Burp Extension for Advanced GraphQL Testing

Doyensec Research Island GitHub GitHub release (latest by date) GitHub Release Date dev branch ahead by GitHub contributors GitHub issues by-label GitHub issues by-label

:rocket: Introduction

Welcome to InQL v6.0, a major update for our open-source GraphQL testing tool. This version provides new and improved features designed to enhance your GraphQL testing experience, making it more efficient and effective.

We appreciate your trust in InQL. Happy testing!

:warning: Whats new in v6.0

InQL v6.0 release is focused on improving performance and overall responsiveness of the tool. The whole project has been rewritten into the Kotlin programming language, resulting in a significant speed increase when parsing large GraphQL schemas.

The version v6.0 also moves away from the soon-to-be-deprecated GQLSpection library. Instead, the tool now uses graphql-java. This shift allows us to concentrate on implementing new security-related features without the added complexity of maintaining the GraphQL parsing library. Additionally, the Java library is faster and more compatible with our Kotlin rewrite.

The new release also brings new important features such as:

  • A built-in GraphiQL and GraphQL Voyager servers, enabling schema visualization even when the target system doesn’t expose such interfaces
  • A circular references detector to identify potentially vulnerable fields
  • An improved batch queries screen
  • Speeeeeed! :rocket:

:star2: Features

The InQL user interface is equipped with two primary components: the Scanner and the Batch Queries tab.

:mag_right: Scanner

Scanner

The Scanner is the core of InQL, where you can analyze a GraphQL endpoint or a local introspection schema file. It auto-generates all possible queries, mutations, and subscriptions, organizing them into a structured view for your analysis.

:white_check_mark: Customizable Scans

InQL offers the flexibility to customize your scans. Adjust the depth of generated queries or the number of spaces used for indentation. You can also perform 'Points of Interest' scans to detect potential vulnerabilities in the GraphQL schema.

:white_check_mark: Points of Interest Analysis

After running a Points of Interest scan, you are presented with a rich data set covering a variety of potential vulnerabilities. You can enable or disable these categories according to your needs.

:white_check_mark: Circular References Detection

InQL implements circular reference detection. After analyzing the schema, it displays potentially vulnerable queries in the scanner results view.

:white_check_mark: Enhanced Interactions with Burp

InQL seamlessly integrates with Burp, enabling you to generate queries directly from any GraphQL request in Burp. You can also send auto-generated queries to other Burp tools for further analysis.

:white_check_mark: Custom Headers

You have the ability to set custom headers per domain, with the domain list auto-populated from observed traffic.

:crossed_swords: Batch Queries

The Batch Queries tab lets you run batch GraphQL attacks, which can be useful for circumventing poorly implemented rate limits.

:memo: Burp's Native Message Editors

Burp's native message editors now come with an additional 'GraphQL (InQL)' tab, providing an efficient way to view and modify GraphQL requests. It also supports schema highlighting for better readability.

:crossed_swords: GraphiQL and GraphQL Voyager

InQL now implements GraphiQL and GraphQL Voyager servers. You can send the analysed schame into them to enhance the analysis even further!

:arrow_down: Installation

To successfully install InQL, ensure you meet the following requirements:

Burp:

  • Support is only provided for the most recent version of Burp.
  • Compatible with both "Professional" and "Community" editions.

Java:

  • The Montoya API needs Java 17 or later.

:computer: Building the InQL extension from git

  1. Install Java 17+, for example in Debian-based distros:
$ sudo apt install -y openjdk-17-jdk
$ java --version
openjdk 17.0.6 2023-01-17
  1. Install our build tool - Taskfile:
$ # Mac OS & Homebrew:
$ brew install go-task
$ # Debian
$ sudo apt install -y task
  1. Clone the repo and pull submodules:
$ git clone https://github.com/doyensec/inql
$ cd inql
$ # Optionally, checkout dev branch (might be broken / unstable!)
$ git checkout dev
  1. Build the InQL extension:
$ task all

This should produce a file named InQL.jar or similar in the root of the repo. Load it into Burp as a Java extension.

Development environment

If you want to contribute to the project, no special environment is needed. You can simply re-build the project every time you implement a change.

To speed up the work on the code, you might want to auto-rebuild the extension whenever you make a change. Just run kotlin task with the --watch / -w flag and you're good to go:

$ task kotlin -w

:handshake: Contributing

InQL thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve InQL, making it a stronger tool for the community.

Interactions are best carried out through the Github issue tracker, but you can also reach us on social media (@Doyensec). We look forward to hearing from you!

:busts_in_silhouette: Contributors

A special thanks to our contributors. Your dedication and commitment have been instrumental in making InQL what it is today.

Current:

Historical:

This project was made with support of Doyensec.

Doyensec Research