{"id":10044,"date":"2020-03-31T19:30:48","date_gmt":"2020-03-31T14:00:48","guid":{"rendered":"http:\/\/kalilinuxtutorials.com\/?p=10044"},"modified":"2020-03-31T19:30:48","modified_gmt":"2020-03-31T14:00:48","slug":"inql","status":"publish","type":"post","link":"https:\/\/kalilinuxtutorials.com\/inql\/","title":{"rendered":"InQL &#8211; A Burp Extension for GraphQL Security Testing"},"content":{"rendered":"\n<p>A security testing tool to facilitate <a href=\"https:\/\/graphql.org\/\">GraphQL<\/a> technology security auditing efforts. <strong>InQL<\/strong> can be used as a stand-alone script, or as a <a href=\"https:\/\/portswigger.net\/burp\">Burp Suite<\/a> extension. <\/p>\n\n\n\n<p>Running <code>inql<\/code> from Python will issue an <a href=\"https:\/\/graphql.org\/learn\/introspection\/\">Introspection<\/a> query to the target GraphQL endpoint in order fetch metadata information for:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Queries, mutations, subscriptions<\/li><li>Its fields and arguments<\/li><li>Objects and custom objects types<\/li><\/ul>\n\n\n\n<p>InQL can inspect the introspection query results and generate clean documentation in different formats, such as\nHTML and JSON schema. InQL is also able to generate templates (with optional placeholders) for all known basic data types.<\/p>\n\n\n\n<p>The resulting HTML documentation page will contain details for all available <code><strong>Queries<\/strong><\/code>, <code><strong>Mutations<\/strong><\/code>, and <code><strong>Subscriptions<\/strong><\/code> as shown here:<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-HkhlC0huObA\/XoCPMVvbZLI\/AAAAAAAAFxY\/eJTUSOwA9Pc91vWYhp8Qo4UWGAUpBAtnACLcBGAsYHQ\/s1600\/InQL.png\" alt=\"\"\/><\/figure><\/div>\n\n\n\n<p>The following screenshot shows the use of templates generation: <\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-SzDgr_QR7ho\/XoCPNzvz60I\/AAAAAAAAFxc\/ZpjRKYh7sSgV9cVHXixTnGA7u57-RugkQCLcBGAsYHQ\/s1600\/InQL1.png\" alt=\"\"\/><\/figure>\n\n\n\n<p> For all supported options, check the command line help: <\/p>\n\n\n\n<p class=\"has-text-color has-background has-vivid-green-cyan-color has-very-dark-gray-background-color\"><strong>usage:<\/strong> inql [-h] [-t TARGET] [-f SCHEMA_JSON_FILE] [-k KEY] [-p PROXY]<br>             [&#8211;header HEADERS HEADERS] [-d] [&#8211;generate-html]<br>             [&#8211;generate-schema] [&#8211;generate-queries] [&#8211;insecure]<br>             [-o OUTPUT_DIRECTORY]<br> <br><strong>InQL Scanner<\/strong><br><br><strong>Optional arguments:<\/strong><br>   -h, &#8211;help            show this help message and exit<br>   -t TARGET             Remote GraphQL Endpoint (https:\/\/\/graphql)<br>   -f SCHEMA_JSON_FILE   Schema file in JSON format<br>   -k KEY                API Authentication Key<br>   -p PROXY              IP of web proxy to go through (http:\/\/127.0.0.1:8080)<br>   &#8211;header HEADERS HEADERS<br>   -d                    Replace known GraphQL arguments types with placeholder  values (useful for Burp Suite)<br>   &#8211;generate-html       Generate HTML Documentation<br>   &#8211;generate-schema     Generate JSON Schema Documentation<br>   &#8211;generate-queries    Generate Queries<br>   &#8211;insecure            Accept any SSL\/TLS certificate<br>   -o OUTPUT_DIRECTORY   Output Directory<\/p>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Burp Suite Extension<\/strong><\/p>\n\n\n\n<p>Since version 1.0 of the tool, InQL was extended to operate within \nBurp Suite. In this mode, the tool will retain all the capabilities of \nthe stand-alone script plus a handy user interface to manipulate \nqueries.<\/p>\n\n\n\n<p>Using the <code>inql<\/code> extension for Burp Suite, you can:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Search for known GraphQL URL paths; the tool will grep and match \nknown values to detect GraphQL endpoints within the target website<\/li><li>Search for exposed GraphQL development consoles (<em>GraphiQL<\/em>, <em>GraphQL Playground<\/em>, and other common consoles)<\/li><li>Use a custom GraphQL tab displayed on each HTTP request\/response containing GraphQL<\/li><li>Leverage the templates generation by sending those requests to Burp&#8217;s Repeater tool<\/li><li>Configure the tool by using a custom settings tab<\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/1.bp.blogspot.com\/-nLZo3OJ3ZfA\/XoCPo6xlOrI\/AAAAAAAAFxk\/UBRXM389W9gLvhzSO3m3zIJPAKdoh4gowCLcBGAsYHQ\/s1600\/InQL2.gif\" alt=\"\"\/><\/figure>\n\n\n\n<p>To use <code>inql<\/code> in Burp Suite, import the Python extension:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Download the <a href=\"https:\/\/www.jython.org\/download\">Jython<\/a> Jar<\/li><li>Start Burp Suite<\/li><li>Extender Tab &gt; Options &gt; Python Enviroment &gt; Set the location of Jython standalone JAR<\/li><li>Extender Tab &gt; Extension &gt; Add &gt; Extension Type &gt; Select Python<\/li><li>Download the latest <code><strong>inql_burp.py<\/strong><\/code> release <a href=\"https:\/\/github.com\/doyensec\/inql\/releases\">here<\/a><\/li><li>Extension File &gt; Set the location of <code><strong>inql_burp.py<\/strong><\/code> &gt; Next<\/li><li>The output should now show the following message: <code><strong>InQL Scanner Started!<\/strong><\/code><\/li><\/ul>\n\n\n\n<p><em>In future, we might consider integrating the extension within the Burp&#8217;s BApp Store.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/github.com\/doyensec\/inql#burp-extension-usage\"><\/a><\/h3>\n\n\n\n<p class=\"has-background has-text-align-center has-light-green-cyan-background-color\"><strong>Burp Extension Usage<\/strong><\/p>\n\n\n\n<p>Getting started with <code>inql<\/code> Burp extension is easy:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Load a GraphQL endpoint or a JSON schema file location inside the top input field<\/li><li>Press the &#8220;Load&#8221; button<\/li><li>After few seconds, the left panel will refresh loading the directory  structure for the selected endpoint as in the following example:<\/li><\/ul>\n\n\n\n<ol class=\"wp-block-list\"><li>url<ul><li>query<\/li><\/ul><\/li><li> <ul><li>timestamp 1 <ul><li>query1.query <\/li><li>query2.query <\/li><\/ul><\/li><\/ul><\/li><li> <ul><li>timestamp 2 <ul><li> query1.query <\/li><li> query2.query <\/li><\/ul><\/li><\/ul><ul><li>mutation<\/li><\/ul><ul><li>subscription<\/li><\/ul><\/li><\/ol>\n\n\n\n<ul class=\"wp-block-list\"><li>Selecting any <em>query<\/em>\/<em>mutation<\/em>\/<em>subscription<\/em> will load the corresponding template in the main text area<\/li><\/ul>\n\n\n\n<p><strong>Credit:<\/strong>  Andrea Brancaleoni  &amp; Paolo Stagno<\/p>\n\n\n\n<div class=\"wp-block-button aligncenter is-style-outline is-style-outline--1\"><a class=\"wp-block-button__link has-background has-vivid-cyan-blue-background-color\" href=\"https:\/\/github.com\/doyensec\/inql\"><strong>Download<\/strong><\/a><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension. Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata information for: Queries, mutations, subscriptions Its fields and arguments Objects and custom [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":16209,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png","fifu_image_alt":"InQL \u2013 A Burp Extension for GraphQL Security Testing","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[28],"tags":[491,1407,1627,3025],"class_list":["post-10044","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-kali","tag-burp-extension","tag-graphql","tag-inql","tag-security-testing"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>InQL - A Burp Extension for GraphQL Security Testing<\/title>\n<meta name=\"description\" content=\"A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/kalilinuxtutorials.com\/inql\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"InQL - A Burp Extension for GraphQL Security Testing\" \/>\n<meta property=\"og:description\" content=\"A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/kalilinuxtutorials.com\/inql\/\" \/>\n<meta property=\"og:site_name\" content=\"Kali Linux Tutorials\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-31T14:00:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png\" \/>\n<meta name=\"author\" content=\"R K\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png\" \/>\n<meta name=\"twitter:creator\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:site\" content=\"@CyberEdition\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"R K\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/\"},\"author\":{\"name\":\"R K\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\"},\"headline\":\"InQL &#8211; A Burp Extension for GraphQL Security Testing\",\"datePublished\":\"2020-03-31T14:00:48+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/\"},\"wordCount\":521,\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png\",\"keywords\":[\"Burp Extension\",\"GraphQL\",\"InQL\",\"Security Testing\"],\"articleSection\":[\"Kali Linux\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/inql\/\",\"name\":\"InQL - A Burp Extension for GraphQL Security Testing\",\"isPartOf\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png\",\"datePublished\":\"2020-03-31T14:00:48+00:00\",\"description\":\"A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/kalilinuxtutorials.com\/inql\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage\",\"url\":\"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png\",\"contentUrl\":\"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#website\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"name\":\"Kali Linux Tutorials\",\"description\":\"Kali Linux Tutorials\",\"publisher\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#organization\",\"name\":\"Kali Linux Tutorials\",\"url\":\"https:\/\/kalilinuxtutorials.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"contentUrl\":\"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png\",\"width\":272,\"height\":90,\"caption\":\"Kali Linux Tutorials\"},\"image\":{\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/CyberEdition\",\"https:\/\/www.threads.com\/@cybersecurityedition\",\"https:\/\/www.linkedin.com\/company\/cyberedition\",\"https:\/\/www.instagram.com\/cybersecurityedition\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad\",\"name\":\"R K\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g\",\"caption\":\"R K\"},\"url\":\"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"InQL - A Burp Extension for GraphQL Security Testing","description":"A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/kalilinuxtutorials.com\/inql\/","og_locale":"en_US","og_type":"article","og_title":"InQL - A Burp Extension for GraphQL Security Testing","og_description":"A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension.","og_url":"https:\/\/kalilinuxtutorials.com\/inql\/","og_site_name":"Kali Linux Tutorials","article_published_time":"2020-03-31T14:00:48+00:00","og_image":[{"url":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png","type":"","width":"","height":""}],"author":"R K","twitter_card":"summary_large_image","twitter_image":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png","twitter_creator":"@CyberEdition","twitter_site":"@CyberEdition","twitter_misc":{"Written by":"R K","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/kalilinuxtutorials.com\/inql\/#article","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/inql\/"},"author":{"name":"R K","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad"},"headline":"InQL &#8211; A Burp Extension for GraphQL Security Testing","datePublished":"2020-03-31T14:00:48+00:00","mainEntityOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/inql\/"},"wordCount":521,"publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png","keywords":["Burp Extension","GraphQL","InQL","Security Testing"],"articleSection":["Kali Linux"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/kalilinuxtutorials.com\/inql\/","url":"https:\/\/kalilinuxtutorials.com\/inql\/","name":"InQL - A Burp Extension for GraphQL Security Testing","isPartOf":{"@id":"https:\/\/kalilinuxtutorials.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage"},"thumbnailUrl":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png","datePublished":"2020-03-31T14:00:48+00:00","description":"A security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script, or as a Burp Suite extension.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/kalilinuxtutorials.com\/inql\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/inql\/#primaryimage","url":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png","contentUrl":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png"},{"@type":"WebSite","@id":"https:\/\/kalilinuxtutorials.com\/#website","url":"https:\/\/kalilinuxtutorials.com\/","name":"Kali Linux Tutorials","description":"Kali Linux Tutorials","publisher":{"@id":"https:\/\/kalilinuxtutorials.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/kalilinuxtutorials.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/kalilinuxtutorials.com\/#organization","name":"Kali Linux Tutorials","url":"https:\/\/kalilinuxtutorials.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/","url":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","contentUrl":"https:\/\/kalilinuxtutorials.com\/wp-content\/uploads\/2025\/07\/Kali.png","width":272,"height":90,"caption":"Kali Linux Tutorials"},"image":{"@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CyberEdition","https:\/\/www.threads.com\/@cybersecurityedition","https:\/\/www.linkedin.com\/company\/cyberedition","https:\/\/www.instagram.com\/cybersecurityedition\/"]},{"@type":"Person","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/69444b58b9e267a4cf08fceb34b6f6ad","name":"R K","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/kalilinuxtutorials.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d3937c9687f2da11bc0a716404ff91779fe19ca115208dbf66167ad353aca5aa?s=96&d=mm&r=g","caption":"R K"},"url":"https:\/\/kalilinuxtutorials.com\/author\/ranjith\/"}]}},"jetpack_featured_media_url":"https:\/\/1.bp.blogspot.com\/-879nRpwZ5LA\/XoCQ53_IxfI\/AAAAAAAAFxs\/9tDN4OIfTCgDqeZ5IbEZyG-27b3FF1YsQCLcBGAsYHQ\/s1600\/InQL%25281%2529.png","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":10951,"url":"https:\/\/kalilinuxtutorials.com\/inql-2\/","url_meta":{"origin":10044,"position":0},"title":"InQL : A Burp Extension For GraphQL Security Testing","author":"R K","date":"July 18, 2020","format":false,"excerpt":"InQL is a security testing tool to facilitate GraphQL technology security auditing efforts. InQL can be used as a stand-alone script or as a Burp Suite extension. InQL Stand-Alone CLI Running inql from Python will issue an Introspection query to the target GraphQL endpoint in order fetch metadata information for:\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":23867,"url":"https:\/\/kalilinuxtutorials.com\/graphql-cop\/","url_meta":{"origin":10044,"position":1},"title":"GraphQL Cop : Security Auditor Utility For GraphQL APIs","author":"R K","date":"April 11, 2022","format":false,"excerpt":"GraphQL Cop is a small Python utility to run common security tests against GraphQL APIs. GraphQL Cop is perfect for running CI\/CD checks in GraphQL. It is lightweight, and covers interesting security issues in GraphQL. GraphQL Cop allows you to reproduce the findings by providing cURL commands upon any identified\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgs10KkhvXAweCAIu_JFI_rlRC5NLoA91RtwwwH2Sk8Y8ZksKgmhksDWwgj5jkA0HvyNu-3G-KEOLL4MkJ9AVqtcqo7e2Oy62sjQQCZch6EVCqwWh0N_XIuPVIjPfYoG-aoP8CI7S5D6ZqE6MSrURTJQcamNoHqMlCt7vpDT6uFtFbUyTWmxKBivSO2\/s728\/graphql-1%20%281%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgs10KkhvXAweCAIu_JFI_rlRC5NLoA91RtwwwH2Sk8Y8ZksKgmhksDWwgj5jkA0HvyNu-3G-KEOLL4MkJ9AVqtcqo7e2Oy62sjQQCZch6EVCqwWh0N_XIuPVIjPfYoG-aoP8CI7S5D6ZqE6MSrURTJQcamNoHqMlCt7vpDT6uFtFbUyTWmxKBivSO2\/s728\/graphql-1%20%281%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgs10KkhvXAweCAIu_JFI_rlRC5NLoA91RtwwwH2Sk8Y8ZksKgmhksDWwgj5jkA0HvyNu-3G-KEOLL4MkJ9AVqtcqo7e2Oy62sjQQCZch6EVCqwWh0N_XIuPVIjPfYoG-aoP8CI7S5D6ZqE6MSrURTJQcamNoHqMlCt7vpDT6uFtFbUyTWmxKBivSO2\/s728\/graphql-1%20%281%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgs10KkhvXAweCAIu_JFI_rlRC5NLoA91RtwwwH2Sk8Y8ZksKgmhksDWwgj5jkA0HvyNu-3G-KEOLL4MkJ9AVqtcqo7e2Oy62sjQQCZch6EVCqwWh0N_XIuPVIjPfYoG-aoP8CI7S5D6ZqE6MSrURTJQcamNoHqMlCt7vpDT6uFtFbUyTWmxKBivSO2\/s728\/graphql-1%20%281%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":28690,"url":"https:\/\/kalilinuxtutorials.com\/graphicator\/","url_meta":{"origin":10044,"position":2},"title":"Graphicator : A GraphQL Enumeration And Extraction Tool","author":"R K","date":"March 30, 2023","format":false,"excerpt":"Graphicator is a GraphQL \"scraper\" \/ extractor. The tool iterates over the introspection document returned by the targeted GraphQL endpoint, and then re-structures the schema in an internal form so it can re-create the supported queries. When such queries are created is using them to send requests to the endpoint\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhg7R84eoi0HPGTvs_Tn-K_7dmwzZU2TwsZ5oMfW2lxnhy1lK1Cv3BEG8paE5BrhkR7Cnjo7kKNRoahqPFQ_4zRUh0GvwojO0FRLsooG0VDTUXv8_7hAsfyKiGyZiSPkxNG255pqKqYCQfUqUgSH7iGoN2885qu-IxjFe65ba9LcAX2-bnTAKiMY5hg\/s16000\/graphicator.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhg7R84eoi0HPGTvs_Tn-K_7dmwzZU2TwsZ5oMfW2lxnhy1lK1Cv3BEG8paE5BrhkR7Cnjo7kKNRoahqPFQ_4zRUh0GvwojO0FRLsooG0VDTUXv8_7hAsfyKiGyZiSPkxNG255pqKqYCQfUqUgSH7iGoN2885qu-IxjFe65ba9LcAX2-bnTAKiMY5hg\/s16000\/graphicator.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhg7R84eoi0HPGTvs_Tn-K_7dmwzZU2TwsZ5oMfW2lxnhy1lK1Cv3BEG8paE5BrhkR7Cnjo7kKNRoahqPFQ_4zRUh0GvwojO0FRLsooG0VDTUXv8_7hAsfyKiGyZiSPkxNG255pqKqYCQfUqUgSH7iGoN2885qu-IxjFe65ba9LcAX2-bnTAKiMY5hg\/s16000\/graphicator.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhg7R84eoi0HPGTvs_Tn-K_7dmwzZU2TwsZ5oMfW2lxnhy1lK1Cv3BEG8paE5BrhkR7Cnjo7kKNRoahqPFQ_4zRUh0GvwojO0FRLsooG0VDTUXv8_7hAsfyKiGyZiSPkxNG255pqKqYCQfUqUgSH7iGoN2885qu-IxjFe65ba9LcAX2-bnTAKiMY5hg\/s16000\/graphicator.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":26898,"url":"https:\/\/kalilinuxtutorials.com\/graphcrawler\/","url_meta":{"origin":10044,"position":3},"title":"GraphCrawler : GraphQL Automated Security Testing Toolkit","author":"R K","date":"September 13, 2022","format":false,"excerpt":"Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. Version 1.2 is out NEW: Can search for endpoints for you using Escape Technology's powerful\u00a0Graphinder\u00a0tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular directories for\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjBxFvhS5ATOMbKh9F3XZRqsuPAzuTmEIkyOudYJ55lEdyVsSdbYDWGGnN0c3KkQ9Dzn7dgx6ahrzmDVUswDbTJFuX1kIpIQx4a2P5tnqL--CyneE-fcTfVmjiKz6JWTfR8winycOVC5zIfDXWnEHPjo7D_8_nAJF04-5v3TCm8xoYPx-87iBX3gTG4\/s728\/1%20%283%29.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjBxFvhS5ATOMbKh9F3XZRqsuPAzuTmEIkyOudYJ55lEdyVsSdbYDWGGnN0c3KkQ9Dzn7dgx6ahrzmDVUswDbTJFuX1kIpIQx4a2P5tnqL--CyneE-fcTfVmjiKz6JWTfR8winycOVC5zIfDXWnEHPjo7D_8_nAJF04-5v3TCm8xoYPx-87iBX3gTG4\/s728\/1%20%283%29.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjBxFvhS5ATOMbKh9F3XZRqsuPAzuTmEIkyOudYJ55lEdyVsSdbYDWGGnN0c3KkQ9Dzn7dgx6ahrzmDVUswDbTJFuX1kIpIQx4a2P5tnqL--CyneE-fcTfVmjiKz6JWTfR8winycOVC5zIfDXWnEHPjo7D_8_nAJF04-5v3TCm8xoYPx-87iBX3gTG4\/s728\/1%20%283%29.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjBxFvhS5ATOMbKh9F3XZRqsuPAzuTmEIkyOudYJ55lEdyVsSdbYDWGGnN0c3KkQ9Dzn7dgx6ahrzmDVUswDbTJFuX1kIpIQx4a2P5tnqL--CyneE-fcTfVmjiKz6JWTfR8winycOVC5zIfDXWnEHPjo7D_8_nAJF04-5v3TCm8xoYPx-87iBX3gTG4\/s728\/1%20%283%29.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":30061,"url":"https:\/\/kalilinuxtutorials.com\/clairvoyance-unmasking-hidden-graphql-schemas\/","url_meta":{"origin":10044,"position":4},"title":"Clairvoyance &#8211; Unmasking Hidden GraphQL Schemas","author":"Varshini","date":"September 7, 2023","format":false,"excerpt":"Clairvoyance is a game-changer for GraphQL API developers. This tool gets the GraphQL API schema from sites where introspection is turned off and displays it in a user-friendly JSON format. Learn how to install it, how to use it in more advanced ways, and how to get help from a\u2026","rel":"","context":"In &quot;Web Application Security&quot;","block_context":{"text":"Web Application Security","link":"https:\/\/kalilinuxtutorials.com\/category\/web-application-security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEizO7Fj0quBI9utQX3O3IRJeryy8j-Nk1qPMQmSoYINchMyGskiksNLTv1NX1qQX60uUNQLfwU89mplltO3Bo8j7uJJQDk8INaCIY-Huw911KcUx1LqQpHtgdF7NgLk9dCkBvrDTQ9sRUfI714oU4eTWHOe2sSvChL7ZplYnwhGcj4pR4gqVkUo2951rA\/s16000\/Clairvoyance%20-%20Unmasking%20Hidden%20GraphQL%20Schemas.webp?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEizO7Fj0quBI9utQX3O3IRJeryy8j-Nk1qPMQmSoYINchMyGskiksNLTv1NX1qQX60uUNQLfwU89mplltO3Bo8j7uJJQDk8INaCIY-Huw911KcUx1LqQpHtgdF7NgLk9dCkBvrDTQ9sRUfI714oU4eTWHOe2sSvChL7ZplYnwhGcj4pR4gqVkUo2951rA\/s16000\/Clairvoyance%20-%20Unmasking%20Hidden%20GraphQL%20Schemas.webp?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEizO7Fj0quBI9utQX3O3IRJeryy8j-Nk1qPMQmSoYINchMyGskiksNLTv1NX1qQX60uUNQLfwU89mplltO3Bo8j7uJJQDk8INaCIY-Huw911KcUx1LqQpHtgdF7NgLk9dCkBvrDTQ9sRUfI714oU4eTWHOe2sSvChL7ZplYnwhGcj4pR4gqVkUo2951rA\/s16000\/Clairvoyance%20-%20Unmasking%20Hidden%20GraphQL%20Schemas.webp?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEizO7Fj0quBI9utQX3O3IRJeryy8j-Nk1qPMQmSoYINchMyGskiksNLTv1NX1qQX60uUNQLfwU89mplltO3Bo8j7uJJQDk8INaCIY-Huw911KcUx1LqQpHtgdF7NgLk9dCkBvrDTQ9sRUfI714oU4eTWHOe2sSvChL7ZplYnwhGcj4pR4gqVkUo2951rA\/s16000\/Clairvoyance%20-%20Unmasking%20Hidden%20GraphQL%20Schemas.webp?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":12156,"url":"https:\/\/kalilinuxtutorials.com\/damn-vulnerable-graphql-application\/","url_meta":{"origin":10044,"position":5},"title":"Damn Vulnerable GraphQL Application","author":"R K","date":"February 19, 2021","format":false,"excerpt":"Damn Vulnerable GraphQL Application is an intentionally vulnerable implementation of Facebook's GraphQL technology, to learn and practice GraphQL Security. About DVGA Damn Vulnerable GraphQL is a deliberately weak and insecure implementation of GraphQL that provides a safe environment to attack a GraphQL application, allowing developers and IT professionals to test\u2026","rel":"","context":"In &quot;Kali Linux&quot;","block_context":{"text":"Kali Linux","link":"https:\/\/kalilinuxtutorials.com\/category\/kali\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/10044","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/comments?post=10044"}],"version-history":[{"count":0,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/posts\/10044\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media\/16209"}],"wp:attachment":[{"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/media?parent=10044"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/categories?post=10044"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kalilinuxtutorials.com\/wp-json\/wp\/v2\/tags?post=10044"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}