ciaraworg / goctopus

This project forked from escape-technologies/goctopus

Blazing fast GraphQL discovery & fingerprinting toolbox.

License: GNU Affero General Public License v3.0

Go 99.27% Dockerfile 0.73%

goctopus

Blazing fast graphql fingerprinting toolbox.

⚠️ Goctopus is still in very early development. Breaking changes are expected.

goctopus -a rickandmortyapi.com

                    .-'   `'.
                   /         \
                   |         ;
                   |         |           ___.--,
          _.._     |0) ~ (0) |    _.---'`__.-( (_.
   __.--'`_.. '.__.\    '--. \_.-' ,.--'`     `""`
  ( ,.--'`   ',__ /./;   ;, '.__.'`    __
  _`) )  .---.__.' / |   |\   \__..--""  """--.,_
 `---' .'.''-._.-'`_./  /\ '.  \ _.-~~~````~~~-._`-.__.'
       | |  .' _.-' |  |  \  \  '.               `~---`
        \ \/ .'     \  \   '. '-._)
         \/ /        \  \    `=.__`~-.
     jgs / /\         `) )    / / `"".`\
   , _.-'.'\ \        / /    ( (     / /
    `--~`   ) )    .-'.'      '.'.  | (
           (/`    ( (`          ) )  '-;
            `      '-;         (-'
                  _
  __ _  ___   ___| |_ ___  _ __  _   _ ___
 / _` |/ _ \ / __| __/ _ \| '_ \| | | / __|
| (_| | (_) | (__| || (_) | |_) | |_| \__ \
 \__, |\___/ \___|\__\___/| .__/ \__,_|___/ v0.0.18
 |___/                    |_|
[INF] Enumerating subdomains for 'rickandmortyapi.com'
[INF] Found 5 subdomains for 'rickandmortyapi.com' in 15 seconds 276 milliseconds
INFO[0016] Done fingerprinting rickandmortyapi.com
INFO[0016] Found: {"authenticated":false,"domain":"rickandmortyapi.com","schema_status":"OPEN","source":"rickandmortyapi.com","url":"https://rickandmortyapi.com/graphql"}
INFO[0016] Done. Found 1 graphql endpoints

Usage

Using go:

go install -v github.com/Escape-Technologies/goctopus/cmd/goctopus@latest
goctopus -a example.com

Using docker:

docker run --rm -it escapetech/goctopus:latest -a example.com

Main options & features

The -a flag is a shorthand that turns on every fingerprinting method at once (introspection, field suggestion and subdomain enumeration). Use it when you want the most detailed results and do not mind the extra requests and scan time.

Input

Goctopus takes a list of addresses (domains and/or URLs) as input. Addresses can be given directly on the command line or in a file.

Command line

The addresses can be given directly on the command line, comma separated. Example:

goctopus -a example.com,https://example.com/graphql

Input file

The addresses can be listed in a file, one per line, and the file path passed with the -f flag. Example input file:

example.com
https://example.com/graphql
escape.tech
https://example.com/api

Then run:

goctopus -f input.txt

Introspection fingerprinting

The -introspect flag enables introspection fingerprinting. When enabled, goctopus sends an introspection query to every GraphQL endpoint it finds and records whether the schema is exposed (introspection enabled) or not.

Subdomain enumeration

The -subdomain flag enables subdomain enumeration. When enabled, goctopus also looks for GraphQL endpoints on subdomains of the given domains. The enumeration is done with subfinder, a passive subdomain discovery tool that relies on third-party data sources; the subdomains it returns are then fingerprinted like any other address.

Field suggestion fingerprinting

The -suggest flag enables field suggestion fingerprinting and requires introspection fingerprinting (-introspect) to be enabled as well. When introspection turns out to be closed on an endpoint, goctopus then checks whether the endpoint still returns field suggestions ("Did you mean ...?" hints in its error messages). This matters because suggestions let you brute-force field and type names even with introspection disabled, with tools such as ClairvoyanceNext.
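
As an added illustration of what the two probes above check, here is a small Go program written for this page (it is not goctopus's own code). It sends a minimal introspection query, classifies the reply as OPEN or CLOSED, and only on CLOSED sends a deliberately misspelled field and looks for a "Did you mean" hint in the error. The fake endpoint, the probe word usr and the CLOSED label are assumptions made for the example; the OPEN value matches the schema_status seen in the sample run.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// SchemaStatus reuses goctopus's schema_status vocabulary: "OPEN" appears in the README's sample run; "CLOSED" is this example's own name.
type SchemaStatus string
const SchemaOpen, SchemaClosed SchemaStatus = "OPEN", "CLOSED"

// envelope is the GraphQL-over-HTTP response shape: a "data" and/or "errors" key.
type envelope struct {
	Data   json.RawMessage `json:"data"`
	Errors []struct {
		Message string `json:"message"`
	} `json:"errors"`
}

// post sends one operation as JSON; a body that is not a JSON object carrying "data" or "errors" is rejected as non-GraphQL.
func post(c *http.Client, url, query string) (*envelope, error) {
	body, _ := json.Marshal(map[string]string{"query": query})
	resp, err := c.Post(url, "application/json", strings.NewReader(string(body)))
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	raw, err := io.ReadAll(io.LimitReader(resp.Body, 1<<20)) // cap untrusted bodies
	env := &envelope{}
	if err != nil || json.Unmarshal(raw, env) != nil || (env.Data == nil && env.Errors == nil) {
		return nil, fmt.Errorf("%s: not a GraphQL envelope (%v)", url, err)
	}
	return env, nil
}

// IntrospectionStatus is OPEN only when data.__schema is present and non-null; an errors-only reply or data:null is CLOSED.
func IntrospectionStatus(env *envelope) SchemaStatus {
	var data map[string]json.RawMessage
	_ = json.Unmarshal(env.Data, &data) // data stays nil for null, absent or non-object data
	if s, ok := data["__schema"]; ok && string(s) != "null" {
		return SchemaOpen
	}
	return SchemaClosed
}

// HasFieldSuggestion reports whether any error carries the "Did you mean" hint graphql-js emits when suggestions are on.
func HasFieldSuggestion(env *envelope) bool {
	for _, e := range env.Errors {
		if strings.Contains(e.Message, "Did you mean") {
			return true
		}
	}
	return false
}

// Fingerprint probes introspection first and field suggestions only when introspection is closed, as the README describes.
func Fingerprint(c *http.Client, url string) (SchemaStatus, bool, error) {
	env, err := post(c, url, "query{__schema{queryType{name}}}")
	if err != nil {
		return "", false, err
	}
	status, suggests := IntrospectionStatus(env), false
	if status == SchemaClosed {
		// "usr" is an assumed near-miss of a common root field; a real scan tries several names from a wordlist.
		if env, err := post(c, url, "query{usr{id}}"); err == nil {
			suggests = HasFieldSuggestion(env)
		}
	}
	return status, suggests, nil
}

// NewFakeEndpoint is a constructed stand-in for a real API so the example runs offline: introspection answers when open is true, and unknown-field errors carry a hint when suggest is true.
func NewFakeEndpoint(open, suggest bool) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		q, _ := io.ReadAll(r.Body)
		switch introspect := strings.Contains(string(q), "__schema"); {
		case introspect && open:
			fmt.Fprint(w, `{"data":{"__schema":{"queryType":{"name":"Query"}}}}`)
		case introspect:
			fmt.Fprint(w, `{"errors":[{"message":"GraphQL introspection is not allowed"}]}`)
		case suggest:
			fmt.Fprint(w, `{"errors":[{"message":"Cannot query field \"usr\" on type \"Query\". Did you mean \"user\"?"}]}`)
		default:
			fmt.Fprint(w, `{"errors":[{"message":"Cannot query field \"usr\" on type \"Query\"."}]}`)
		}
	}))
}

func main() {
	srv := NewFakeEndpoint(false, true) // introspection closed, suggestions on
	defer srv.Close()
	fmt.Println(Fingerprint(&http.Client{Timeout: 5 * time.Second}, srv.URL+"/graphql"))
}
```

An errors-only reply is still treated as a GraphQL endpoint; that is what separates a closed schema from a page that is not GraphQL at all, which is reported as an error instead. Point Fingerprint at a real URL only on targets you are authorised to test.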

Output

The -o flag specifies the output file path (default output.jsonl). The output is in json-lines format: one JSON object per line, one line per GraphQL endpoint found, containing at least the following fields:

{
  "domain": "subdomain.example.com",
  "authenticated": false,
  "url": "https://subdomain.example.com/graphql",
  "source": "example.com"
}

The authenticated field can be one of the following:

  • true: The endpoint is a GraphQL endpoint that requires authentication (the unauthenticated probe was rejected).
  • false: The endpoint is a GraphQL endpoint that answered without authentication, as in the rickandmortyapi.com example above.

The example run above (with -a) also shows a schema_status field (OPEN in that run) that is not among the guaranteed fields, so the records to review first are those with "authenticated": false and "schema_status": "OPEN".
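
Because the output is one JSON object per line, it is easy to post-process. The following Go program is an added example for this page (not part of goctopus): it reads an output.jsonl, tolerates a truncated or malformed line, collapses duplicate URLs, and lists the endpoints worth looking at first, i.e. unauthenticated with schema_status OPEN. The embedded sample is constructed for the example; only its first line is the README's own result, and the CLOSED value is an assumed counterpart to OPEN.

```go
package main

import (
	"bufio"
	"encoding/json"
	"fmt"
	"io"
	"sort"
	"strings"
)

// Endpoint carries the fields the README guarantees per line plus the optional
// schema_status seen in the sample run; keys this struct does not list are ignored.
type Endpoint struct {
	Domain        string `json:"domain"`
	Authenticated bool   `json:"authenticated"`
	URL           string `json:"url"`
	Source        string `json:"source"`
	SchemaStatus  string `json:"schema_status"`
}

// ReadJSONL parses json-lines output, skipping blank or malformed lines (a run
// killed mid-write can leave a truncated last line) and collapsing duplicate
// URLs (two input addresses can lead to the same endpoint). It returns the
// endpoints and the number of lines it could not parse.
func ReadJSONL(r io.Reader) ([]Endpoint, int, error) {
	var out []Endpoint
	seen, skipped := map[string]bool{}, 0
	sc := bufio.NewScanner(r)
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" {
			continue
		}
		var e Endpoint
		if err := json.Unmarshal([]byte(line), &e); err != nil || e.URL == "" {
			skipped++
			continue
		}
		if !seen[e.URL] {
			seen[e.URL] = true
			out = append(out, e)
		}
	}
	return out, skipped, sc.Err()
}

// Triage returns the endpoints to look at first: reachable without
// authentication and with introspection open, sorted by URL.
func Triage(eps []Endpoint) []Endpoint {
	var hot []Endpoint
	for _, e := range eps {
		if !e.Authenticated && e.SchemaStatus == "OPEN" {
			hot = append(hot, e)
		}
	}
	sort.Slice(hot, func(i, j int) bool { return hot[i].URL < hot[j].URL })
	return hot
}

// BySource groups endpoint URLs under the input address that led to them,
// which maps findings back to the lines of an -f input file.
func BySource(eps []Endpoint) map[string][]string {
	groups := map[string][]string{}
	for _, e := range eps {
		groups[e.Source] = append(groups[e.Source], e.URL)
	}
	return groups
}

// sampleOutput is constructed for this example. The first line is the README's
// own sample result; the rest, including the CLOSED value, the duplicate and the
// truncated final line, are invented to exercise the parser.
const sampleOutput = `{"authenticated":false,"domain":"rickandmortyapi.com","schema_status":"OPEN","source":"rickandmortyapi.com","url":"https://rickandmortyapi.com/graphql"}
{"authenticated":true,"domain":"api.example.com","schema_status":"CLOSED","source":"example.com","url":"https://api.example.com/graphql"}
{"authenticated":false,"domain":"dev.example.com","schema_status":"OPEN","source":"example.com","url":"https://dev.example.com/graphql"}
{"authenticated":false,"domain":"dev.example.com","schema_status":"OPEN","source":"example.com","url":"https://dev.example.com/graphql"}
{"authenticated":false,"domain":"www.example.com","source":"example.com","url":"https://www.example.com/api"}
{"authenticated":false,"domain":"www.exam`

func main() {
	eps, skipped, err := ReadJSONL(strings.NewReader(sampleOutput))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d endpoints, %d unparseable lines\n", len(eps), skipped)
	for _, e := range Triage(eps) {
		fmt.Println("unauthenticated + open schema:", e.URL)
	}
	for src, urls := range BySource(eps) {
		fmt.Println(src, "->", strings.Join(urls, ", "))
	}
}
```

To use it on a real scan, replace strings.NewReader(sampleOutput) with an os.Open of the -o file. A line without schema_status (a run without -introspect) is kept but never triaged, so rerun with -introspect or -a before relying on the triage list.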

Additional options

Usage: goctopus [options] [addresses]
[addresses]: A list of addresses to fingerprint, comma separated.
Addresses can be in the form of http://example.com/graphql or example.com. If an input file is specified, this argument is ignored.
[options]:
  -a	(All) Enable all fingerprinting methods: introspection, field suggestion, subdomain enumeration
  -f string
    	Input file
  -introspect
    	Enable introspection fingerprinting
  -o string
    	Output file (json-lines format)
  -s	Silent
  -subdomain
    	Enable subdomain enumeration
  -suggest
    	Enable fields suggestion fingerprinting.
    	Needs "introspection" to be enabled.
  -t int
    	Request timeout (seconds) (default 30)
  -v	Verbose
  -w int
    	Max workers (default 40)
  -webhook string
    	Webhook URL

Docker usage

Using volumes to load the input file and save to the output file:

docker run --rm -it -v $(pwd):/data escapetech/goctopus:latest -f /data/input.txt -o /data/output.jsonl

Using a specific version:

# for version vA.B.C
docker run --rm -it escapetech/goctopus:A.B.C [args]

Roadmap

  • Better wordlist for field suggestion fingerprinting, to improve the detection performance and detection rate.
  • Engine fingerprinting.
  • Script analysis.
  • Refactor to make goctopus usable as a go package.
  • Document goctopus as a go package.
  • Better flags.
  • Better logs.
  • Direct cli input.
  • Improve performance further.
  • Resume from output file. (maybe)
  • Custom ascii art. (maybe)
  • Docker

Contributors

nohehf, gauben, nullswan, dependabot[bot]
