A comprehensive security testing tool for GraphQL APIs. This scanner implements ALL known GraphQL vulnerabilities based on OWASP guidelines and latest security research.
# Clone the repository
git clone https://github.com/Sid-Bahuguna/GraphX.git
cd GraphX
# Install dependencies
pip install -r requirements.txt
# Make executable (Linux/macOS)
chmod +x graphql_scanner.pypython graphql_scanner.py -u https://example.com/graphqlpython graphql_scanner.py -u https://example.com/graphql --quickpython graphql_scanner.py -u https://api.example.com/graphql \
-H "Authorization: Bearer YOUR_TOKEN"python graphql_scanner.py -u https://api.example.com/graphql \
-H "Authorization: Bearer token123" \
-H "X-API-Key: key456" \
-H "User-Agent: SecurityScanner/2.0" \
--full- Obtain written permission before scanning
- Comply with all applicable laws
- Follow responsible disclosure practices
- Do not use against production systems without authorization
This tool is for authorized security testing only. Unauthorized use may be illegal. Users are solely responsible for compliance with all applicable laws and regulations.
Contributions welcome! Please:
- Fork the repository
- Create feature branch (
git checkout -b feature/amazing-feature) - Commit changes (
git commit -m 'Add amazing feature') - Push to branch (
git push origin feature/amazing-feature) - Open Pull Request
FOR AUTHORIZED SECURITY TESTING ONLY
The authors assume no liability for misuse. Users must:
- Obtain explicit written permission
- Comply with all laws and regulations
- Use responsibly and ethically
- Follow responsible disclosure
Built with ❤️ by Sidharth Bahuguna
Version 2.0 - GraphQL Security Scanner
Last Updated: December 2025