30 open-source projects similar to assetnote/batchql, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Batchql alternative.
Obtain a GraphQL API schema even if introspection is disabled
InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
JWT brute force cracker written in C
graphw00f is a GraphQL Server Engine Fingerprinting utility for software security professionals looking to learn more about what technology is behind a given GraphQL endpoint.
go-fuzz is a coverage-guided randomized testing tool for identifying crashes and logic bugs in Go code. It consists of a fuzzer that evolves random inputs based on code execution paths, an instrumentation tool that produces binaries for tracking coverage, and a seed corpus manager. The tool utilizes compile-time binary instrumentation to monitor branch coverage and employs a feedback-driven mutation loop to prioritize inputs that reach new sections of the codebase. It includes capabilities for comparative differential testing to identify logic errors by executing different implementations of
A fast tool, written in Go, to scan for CRLF vulnerabilities
Feroxbuster is an HTTP directory brute forcer and web resource enumerator designed to discover hidden files and directories on web servers. It functions as a recursive URL scanner that identifies unlinked endpoints and API resources by combining wordlist-based scanning with automated crawling. The tool operates as a proxy-aware fuzzer, allowing network requests to be routed through HTTP or SOCKS proxies for traffic interception or anonymity. It utilizes recursive directory crawling to automatically queue discovered paths and find nested content. The system includes capabilities for discovery
Blazing fast GraphQL discovery & fingerprinting toolbox.
🕸️ Blazing fast GraphQL endpoints finder using subdomain enumeration, scripts analysis and bruteforce. 🕸️
🛡️ The missing GraphQL security layer for Apollo GraphQL and Yoga / Envelop servers 🛡️
This tool is a command-line utility designed for automated web resource discovery, fuzzing, and application structure mapping. It functions as a security-focused scanner that identifies hidden files, directories, parameters, and virtual hosts by injecting payloads into HTTP requests. By systematically testing how servers handle various inputs, it assists in mapping the architecture of web applications and uncovering potential security vulnerabilities. The tool distinguishes itself through a highly concurrent engine that manages asynchronous request execution and recursive job orchestration. I
Syzkaller is an unsupervised, coverage-guided kernel fuzzer that automatically generates and mutates system call sequences to find bugs in operating system kernels. It operates without human intervention, using a closed feedback loop of input generation, execution, crash detection, and corpus refinement to continuously explore kernel code paths. The fuzzer distinguishes itself by supporting multiple operating system kernels, including Linux, FreeBSD, and Windows, through per-platform syscall harnesses that abstract system call interfaces behind a common driver. It uses declarative description
GraphQL Playground is an interactive development environment and API client used for writing, testing, and debugging GraphQL queries, mutations, and subscriptions. It functions as a visual tool for executing requests against a GraphQL server and inspecting the resulting JSON responses. The project includes a documentation browser for exploring schemas and an editor with autocompletion and error highlighting. It provides specialized capabilities for analyzing API performance through tracing visualization and supports real-time data updates via subscription streaming. The environment allows fo
Hashcat is a high-performance hash cracking software and OpenCL compute application used to recover plain-text passwords from hashed data. It functions as a GPU-accelerated recovery tool and distributed password cracker, leveraging CPUs and GPUs to perform intensive cryptographic computations. The system differentiates itself through a distributed cracking workflow that coordinates tasks across multiple machines via an overlay network to share computational load. It further optimizes recovery speed using Markov chain keyspace optimization to prioritize the most likely password candidates. Th
A fork and successor of the Sulley Fuzzing Framework
An automated SSRF finder. Just give the domain name and your server and chill! ;) Also has options to find XSS and open redirects
Simple HS256, HS384 & HS512 JWT token brute force cracker.
GraphQL threat framework used by security professionals to research security gaps in GraphQL implementations