performing-graphql-introspection-attack


Extract full GraphQL schemas for security testing

Author: Acczdy
Version: 1.0.0
Installs: 0

System Documentation

What problem does it solve?

Determines whether a GraphQL endpoint leaks its full schema and identifies sensitive types, fields, queries, and mutations that increase the attack surface. It helps testers discover introspection-enabled endpoints, detect schema reconstruction via error messages, and verify whether protections (depth/complexity limits, batching controls, field-level authorization) are in place to prevent data exposure and DoS.

Core Features & Use Cases

  • Full Schema Extraction: Runs standard introspection to retrieve queries, mutations, types, interfaces, enums, and directives when enabled.
  • Schema Reconstruction & Brute-Forcing: Uses error suggestions and field wordlists to discover schema elements when introspection is disabled.
  • Attack Simulations: Tests query depth, alias-based batching, wide/duplicate-field queries, circular fragments, and batched requests to evaluate DoS and rate-limit bypass vectors.
  • Sensitive Field Detection: Scans extracted schemas for common sensitive field patterns (password, token, secret, apiKey, etc.) and highlights risky mutations.
  • Use Case: Assess an e-commerce GraphQL API to find exposed admin mutations, user PII leaks, missing depth limits, and batching vulnerabilities that could enable credential brute-force or resource exhaustion.

Quick Start

Run the performing-graphql-introspection-attack skill against the target GraphQL endpoint with a valid authorization header to extract the schema and run depth, batch, and sensitive-field checks.

Dependency Matrix

Required Modules

requests

Components

scripts, references

💻 Claude Code Installation

Recommended: let Claude install automatically. Simply copy and paste the text below into Claude Code.

Please help me install this Skill:
Name: performing-graphql-introspection-attack
Download link: https://github.com/Acczdy/MoZiSec/archive/main.zip#performing-graphql-introspection-attack

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository
