Skip to content

Commit

Permalink
Add inigo signature
Browse files Browse the repository at this point in the history
  • Loading branch information
dolevf committed Nov 28, 2024
1 parent c29656d commit 52e25d3
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 3 deletions.
1 change: 1 addition & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -68,6 +68,7 @@ graphw00f currently attempts to discover the following GraphQL engines:
* pg_graphql - Rust
* tailcall - Rust
* Hot Chocolate - Microsoft .NET
* Inigo - Go

# GraphQL Threat Matrix
The graphw00f project uses the [GraphQL Threat Matrix Project](https://github.com/nicholasaleks/graphql-threat-matrix/) as its technology security matrix database. When graphw00f successfully fingerprints a GraphQL endpoint, it will print out the threat matrix document. This document helps security engineers to identify how mature the technology is, what security features it offers, and whether it contains any CVEs.
Expand Down
6 changes: 6 additions & 0 deletions graphw00f/helpers.py
Original file line number Diff line number Diff line change
Expand Up @@ -296,6 +296,12 @@ def get_engines():
'url':'https://chillicream.com/docs/hotchocolate/v13',
'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/hotchocolate.md',
'technology':['C#', '.NET']
},
'inigo':{
'name':'inigo',
'url':'https://inigo.io',
'ref':'https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/inigo.md',
'technology':['Go']
}
}

Expand Down
20 changes: 18 additions & 2 deletions graphw00f/lib.py
Original file line number Diff line number Diff line change
Expand Up @@ -43,7 +43,9 @@ def check(self, url):

def execute(self, url):
self.url = url
if self.engine_lighthouse():
if self.engine_inigo():
return 'inigo'
elif self.engine_lighthouse():
return 'lighthouse'
elif self.engine_caliban():
return 'caliban'
Expand Down Expand Up @@ -747,4 +749,18 @@ def engine_hotchocolate(self):
if error_contains(response, 'The specified directive `aaa` is not supported by the current schema.'):
return True

return False
return False

def engine_inigo(self):
query = '''
query {
__typename
}
'''
response = self.graph_query(self.url, payload=query)
if 'extensions' in response and 'inigo' in response['extensions']:
return True

return False


2 changes: 1 addition & 1 deletion version.py
Original file line number Diff line number Diff line change
@@ -1 +1 @@
VERSION = '1.1.18'
VERSION = '1.1.19'

0 comments on commit 52e25d3

Please sign in to comment.