graphql-pentest
OfficialFull-spectrum GraphQL API security testing.
Authordreadnode
Version1.0.0
Installs0
System Documentation
What problem does it solve?
Penetration testers and security teams often miss critical GraphQL API vulnerabilities due to ad-hoc testing approaches that fail to cover the full attack surface, including resource abuse, auth flaws, and information disclosure. This Skill eliminates that gap with a structured, repeatable testing workflow.
Core Features & Use Cases
- Complete Attack Surface Coverage: Tests all common GraphQL vulnerability classes including batching DoS, alias amplification, circular fragment crashes (CWE-674), deep nesting, introspection exploitation, and content-type CSRF.
- Backend-Aware Testing: Includes fingerprinting for Apollo Server, graphql-java, Hasura, and Yoga to avoid wasting time on inapplicable attack vectors.
- Use Case: A red team assessing a customer-facing application with a GraphQL API can use this Skill to systematically identify all exploitable flaws, measure DoS impact with timing evidence, and produce validated proof for remediation.
Quick Start
Use the graphql-pentest skill to run a full security assessment of all GraphQL endpoints on your target application, including resource abuse, auth bypass, and information disclosure testing.
Dependency Matrix
Required Modules
None requiredComponents
references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: graphql-pentest Download link: https://github.com/dreadnode/capabilities/archive/main.zip#graphql-pentest Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 536,000+ vetted skills library on demand.