A comprehensive security testing tool for GraphQL APIs. This scanner implements ALL known GraphQL vulnerabilities based on OWASP guidelines and latest security research.

# Clone the repository
git clone https://github.com/Sid-Bahuguna/GraphX.git
cd GraphX

# Install dependencies
pip install -r requirements.txt

# Make executable (Linux/macOS)
chmod +x graphql_scanner.py

python graphql_scanner.py -u https://example.com/graphql

python graphql_scanner.py -u https://example.com/graphql --quick

python graphql_scanner.py -u https://api.example.com/graphql \
  -H "Authorization: Bearer YOUR_TOKEN"

python graphql_scanner.py -u https://api.example.com/graphql \
  -H "Authorization: Bearer token123" \
  -H "X-API-Key: key456" \
  -H "User-Agent: SecurityScanner/2.0" \
  --full

• Obtain written permission before scanning
• Comply with all applicable laws
• Follow responsible disclosure practices
• Do not use against production systems without authorization

This tool is for authorized security testing only. Unauthorized use may be illegal. Users are solely responsible for compliance with all applicable laws and regulations.

Contributions welcome! Please:

1. Fork the repository
2. Create feature branch (git checkout -b feature/amazing-feature)
3. Commit changes (git commit -m 'Add amazing feature')
4. Push to branch (git push origin feature/amazing-feature)
5. Open Pull Request

FOR AUTHORIZED SECURITY TESTING ONLY

The authors assume no liability for misuse. Users must:

• Obtain explicit written permission
• Comply with all laws and regulations
• Use responsibly and ethically
• Follow responsible disclosure

• GraphQL Security Best Practices
• GraphQL Authorization Guide
• OWASP GraphQL Cheat Sheet

Built with ❤️ by Sidharth Bahuguna

Version 2.0 - GraphQL Security Scanner

Last Updated: December 2025