Open Steiner-254 opened 5 months ago
┌──(root💀kali)-[/home/pawner/GraphQLmap] └─# graphqlmap -u "https://graphql-demo.mead.io/" --proxy http://127.0.0.1:8080
Author: @pentest_swissky Version: 1.1
GraphQLmap > help [+] dump_via_introspection : dump GraphQL schema (fragment+FullType) [+] dump_via_fragment : dump GraphQL schema (IntrospectionQuery) [+] nosqli : exploit a nosql injection inside a GraphQL query [+] postgresqli : exploit a sql injection inside a GraphQL query [+] mysqli : exploit a sql injection inside a GraphQL query [+] mssqli : exploit a sql injection inside a GraphQL query [+] exit : gracefully exit the application GraphQLmap > dump_via_introspection Traceback (most recent call last): File "/usr/local/bin/graphqlmap", line 4, in import('pkg_resources').run_script('graphqlmap==0.0.1', 'graphqlmap') File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 720, in run_script self.require(requires)[0].run_script(script_name, ns) File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 1570, in run_script exec(script_code, namespace, namespace) File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 82, in File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 56, in init File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/graphqlmap/attacks.py", line 32, in dump_schema File "/usr/local/lib/python3.11/dist-packages/requests/models.py", line 900, in json return complexjson.loads(self.text, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/init.py", line 514, in loads return _default_decoder.decode(s) ^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 386, in decode obj, end = self.raw_decode(s) ^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 416, in raw_decode return self.scan_once(s, idx=_w(s, idx).end()) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ simplejson.errors.JSONDecodeError: Expecting value: line 2 column 3 (char 3)
The URL you are providing isn't a graphql endpoint, its an HTML/JS entry point page
┌──(root💀kali)-[/home/pawner/GraphQLmap] └─# graphqlmap -u "https://graphql-demo.mead.io/" --proxy http://127.0.0.1:8080
GraphQLmap > help [+] dump_via_introspection : dump GraphQL schema (fragment+FullType) [+] dump_via_fragment : dump GraphQL schema (IntrospectionQuery) [+] nosqli : exploit a nosql injection inside a GraphQL query [+] postgresqli : exploit a sql injection inside a GraphQL query [+] mysqli : exploit a sql injection inside a GraphQL query [+] mssqli : exploit a sql injection inside a GraphQL query [+] exit : gracefully exit the application GraphQLmap > dump_via_introspection Traceback (most recent call last): File "/usr/local/bin/graphqlmap", line 4, in
import('pkg_resources').run_script('graphqlmap==0.0.1', 'graphqlmap')
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 720, in run_script
self.require(requires)[0].run_script(script_name, ns)
File "/usr/lib/python3/dist-packages/pkg_resources/init.py", line 1570, in run_script
exec(script_code, namespace, namespace)
File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 82, in
File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/EGG-INFO/scripts/graphqlmap", line 56, in init
File "/usr/local/lib/python3.11/dist-packages/graphqlmap-0.0.1-py3.11.egg/graphqlmap/attacks.py", line 32, in dump_schema
File "/usr/local/lib/python3.11/dist-packages/requests/models.py", line 900, in json
return complexjson.loads(self.text, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/init.py", line 514, in loads
return _default_decoder.decode(s)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 386, in decode
obj, end = self.raw_decode(s)
^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 416, in raw_decode
return self.scan_once(s, idx=_w(s, idx).end())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
simplejson.errors.JSONDecodeError: Expecting value: line 2 column 3 (char 3)