0

我正在尝试使用 Python 语言检测 graphql 端点。我是一个绝对的初学者,但我尝试过编写代码。你能建议改变和更好的方法吗?代码:

import requests,urllib,urllib.request
import string
consoleDict = [
    "",
    "/graphql",
    "/graphql/console",
    "graphql.php",
    "graphiql",
    "explorer",
    "altair",
    "/playground"
          ]
for endpoint in consoleDict:
    ep = ' http://159.100.248.211 '
    response = requests.get(ep)
    if response.status_code in [200,403]:
        print("It is a GraphQL endpoint",endpoint)

谢谢 :)

4

1 回答 1

0

即使使用gql,您也需要架构来请求任何内容。如果您不知道,可以使用自省查询:

{
  __schema {
    types {
      name
    }
  }
}

某些端点可能已禁用此功能,但如果您不知道架构,这是一个很好的起点。尝试这样的事情:

import json
import requests
from urllib import parse

paths = [
    "",
    "/graphql",
    "/graphql/console",
    "graphql.php",
    "graphiql",
    "explorer",
    "altair",
    "/playground"
]

query = """{
  __schema {
    types {
      name
    }
  }
}
"""

for path in paths:
    hostname = 'http://159.100.248.211'
    endpoint = parse.urljoin(hostname, path)
    try:
        print(f"Attempt: {endpoint}")
        response = requests.post(endpoint, json={'query': query}, timeout=0.1)
    except Exception:
        print("No GraphQL endpoint found")
    else:
        if response.status_code == 200:
            json_data = json.loads(response.text)
            if json_data.get('data'):
                print("It is a GraphQL endpoint",endpoint)

让 mw 知道这是否有效

于 2020-07-11T23:16:54.020 回答