diff --git a/README.md b/README.md index 09dc9f3..d3b8beb 100644 --- a/README.md +++ b/README.md @@ -21,10 +21,10 @@ You can also contribute with a :beers: IRL or using Github Sponsoring button. ## Install -```basic -$ git clone https://github.com/swisskyrepo/GraphQLmap -$ python setup.py install -$ graphqlmap +```bash +$ pip3 install pipx +$ pipx ensurepath +$ pipx install git+https://github.com/mxrch/GraphQLmap _____ _ ____ _ / ____| | | / __ \| | | | __ _ __ __ _ _ __ | |__ | | | | | _ __ ___ __ _ _ __ @@ -34,7 +34,7 @@ $ graphqlmap | | | | |_| |_| Author:Swissky Version:1.0 -usage: graphqlmap.py [-h] [-u URL] [-v [VERBOSITY]] [--method [METHOD]] [--headers [HEADERS]] [--json [USE_JSON]] [--proxy [PROXY]] +usage: graphqlmap [-h] [-u URL] [-v [VERBOSITY]] [--method [METHOD]] [--headers [HEADERS]] [--json [USE_JSON]] [--proxy [PROXY]] optional arguments: -h, --help show this help message and exit @@ -48,12 +48,13 @@ optional arguments: Development setup -```ps1 -python -m venv .venv +```bash +# In the project directory +python3 -m venv .venv source .venv/bin/activate -pip install --editable . -pip install -r requirements.txt -./bin/graphqlmap -u http://127.0.0.1:5013/graphql +pip3 install --editable . +pip3 install -r requirements.txt +python3 main.py -u http://127.0.0.1:5013/graphql ``` @@ -122,7 +123,7 @@ GraphQLmap > {doctors(options: 1, search: "{ \"lastName\": { \"$regex\": \"Admin It also works with `mutations`, they must be written in a single line. -```ps1 +```powershell # ./bin/graphqlmap -u http://127.0.0.1:5013/graphql --proxy http://127.0.0.1:8080 --method POST GraphQLmap > mutation { importPaste(host:"localhost", port:80, path:"/ ; id", scheme:"http"){ result }} { diff --git a/graphqlmap/attacks.py b/graphqlmap/attacks.py index 2b29439..3f5ec1d 100644 --- a/graphqlmap/attacks.py +++ b/graphqlmap/attacks.py @@ -1,4 +1,3 @@ -#!/usr/bin/python from graphqlmap.utils import * import re import time 
diff --git a/bin/graphqlmap b/graphqlmap/cli.py
old mode 100755
new mode 100644
similarity index 94%
rename from bin/graphqlmap
rename to graphqlmap/cli.py
index 157acce..57cc41e
--- a/bin/graphqlmap
+++ b/graphqlmap/cli.py
@@ -1,9 +1,7 @@
-#!/usr/bin/env python3
-
 try:
 import readline
 except ImportError:
- import pyreadline as readline
+ import pyreadline3 as readline
 from graphqlmap.attacks import *
 import urllib3
@@ -36,9 +34,10 @@ def __init__(self, args_graphql):
 self.method = args_graphql.method
 self.headers = None if not args_graphql.headers else json.loads(args_graphql.headers)
 self.use_json = True if args_graphql.use_json else False
- self.proxy = {
- "http" : args_graphql.proxy,
- }
+ # self.proxy = {
+ # "http" : args_graphql.proxy,
+ # }
+ self.proxy = args_graphql.proxy
 while True:
 query = input("GraphQLmap > ")
@@ -74,9 +73,11 @@ def __init__(self, args_graphql):
 print(self.headers)
 exec_advanced(self.url, self.method, query, self.headers, self.use_json, self.proxy)
-
-if __name__ == "__main__":
+def main():
 readline.set_completer(auto_completer)
 readline.parse_and_bind("tab: complete")
 args = parse_args()
 GraphQLmap(args)
+
+if __name__ == "__main__":
+ main()
\ No newline at end of file
diff --git a/graphqlmap/utils.py b/graphqlmap/utils.py
index 8a48628..247ab9d 100644
--- a/graphqlmap/utils.py
+++ b/graphqlmap/utils.py
@@ -1,8 +1,7 @@
-#!/usr/bin/python
 import argparse
 import json
-import requests
+import httpx
 cmdlist = ["exit", "help", "dump_via_fragment", "dump_via_introspection", "postgresqli", "mysqli", "mssqli", "nosqli", "mutation", "edges", "node", "$regex", "$ne", "__schema"]
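Review bot: The three commented-out lines (`# self.proxy = {` through `# }`) in the second graphqlmap/cli.py hunk are dead code that version history already preserves, and should be deleted rather than committed. The replacement `self.proxy = args_graphql.proxy` also changes behaviour without saying so: the old dict named only the `http` scheme, whereas a bare proxy URL is, as far as I know, applied by httpx to every scheme, so HTTPS targets now go through the intercepting proxy as well. A short comment such as `# single proxy URL or None; httpx applies it to both http:// and https:// requests` would record that. `__init__` begins and continues outside the hunk, and the argument parser that supplies `proxy` is not visible here.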
@@ -34,21 +33,21 @@ def requester(url, method, payload, proxy, headers=None, use_json=False, is_batc
 if use_json:
 new_headers['Content-Type'] = 'application/json'
 new_data = json.dumps(data)
- r = requests.post(url, data=new_data, verify=False, headers=new_headers, proxies=proxy)
+ r = httpx.post(url, data=new_data, verify=False, headers=new_headers, proxies=proxy)
 else:
 data = []
 for i in range(is_batch):
 data.append( {"query": payload} )
- r = requests.post(url, json=data, verify=False, headers=new_headers, proxies=proxy)
+ r = httpx.post(url, json=data, verify=False, headers=new_headers, proxies=proxy)
 if r.status_code == 500:
 print("\033[91m/!\ API didn't respond correctly to a POST method !\033[0m")
 return None
 else:
- r = requests.get(url + "?query={}".format(payload), verify=False, headers=headers, proxies=proxy)
+ r = httpx.get(url + "?query={}".format(payload), verify=False, headers=headers, proxies=proxy)
 return r
diff --git a/main.py b/main.py
new file mode 100644
index 0000000..51aba0a
--- /dev/null
+++ b/main.py
@@ -0,0 +1 @@
+from graphqlmap.cli import main; main()
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 0b3f576..2060e51 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,3 +1,3 @@
-pyreadline ; sys_platform == 'win32'
+pyreadline3 ; sys_platform == 'win32'
 readline ; sys_platform !='win32'
-requests
+httpx
diff --git a/setup.py b/setup.py
index 8543900..d5b48e1 100644
--- a/setup.py
+++ b/setup.py
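Review bot: The three `httpx` calls in `requester` (graphqlmap/utils.py) keep the keyword arguments of requests, and two of them do not carry over cleanly. `new_data` is the string returned by `json.dumps(data)`, which httpx expects as `content=new_data` rather than `data=new_data`, and the `proxies=` keyword was, as far as I know, deprecated and later removed in newer httpx releases in favour of `proxy=`, so with `httpx` unpinned in requirements.txt and setup.py a fresh install may fail on these calls with a `TypeError`. Unlike requests, httpx also applies a default five-second timeout and does not follow redirects unless asked, so slow or redirecting endpoints will behave differently and a timeout will now raise out of `requester` uncaught; passing `timeout=` and `follow_redirects=` explicitly would make that a decision rather than a side effect. `verify=False` is kept on every call, and if that is intentional it deserves a comment such as `# certificate verification is disabled deliberately; do not reuse this helper where the peer must be authenticated`. The function starts outside the hunk.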
@@ -1,21 +1,35 @@
-import setuptools
+from setuptools import setup, find_packages
+import platform
+
 with open("README.md", "r") as fh:
 long_description = fh.read()
-setuptools.setup(
+dependencies = ['httpx', 'urllib3']
+
+if platform.system() == "Windows":
+ dependencies.append('pyreadline3')
+else:
+ dependencies.append('readline')
+
+setup(
 name="graphqlmap",
 version="0.0.1",
 description="scripting engine to interact with a GraphQL endpoint for pentesting purposes",
 long_description=long_description,
 long_description_content_type="text/markdown",
 url="https://github.com/swisskyrepo/GraphQLmap",
- packages=setuptools.find_packages(),
- scripts=["bin/graphqlmap"],
+ packages=find_packages(include=['graphqlmap', 'graphqlmap.*']),
+ entry_points={
+ 'console_scripts': [
+ 'graphqlmap = graphqlmap.cli:main'
+ ]
+ },
 classifiers=[
 "Programming Language :: Python :: 3",
 "License :: OSI Approved :: MIT License",
 "Operating System :: OS Independent",
 ],
 python_requires='>=3.6',
+ install_requires=dependencies,
 )
\ No newline at end of file
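Review bot: The dependency list is computed with `platform.system()` at the moment setup.py runs, so a wheel built on one operating system bakes in that system's choice. Environment markers, which requirements.txt in this same commit already uses, defer the choice to install time: `install_requires=['httpx', 'urllib3', 'pyreadline3; sys_platform == "win32"']`. The non-Windows branch adds `readline`, which on PyPI is, as far as I know, a separate and long-deprecated distribution rather than the standard-library module, so it is better dropped than required. None of the requirements carries a version bound although graphqlmap/utils.py depends on httpx keyword arguments that have changed between releases. The README now installs from an unpinned `git+https://github.com/mxrch/GraphQLmap` while `url=` here still names `swisskyrepo/GraphQLmap`, so a bounded `httpx` requirement and a single canonical source URL would make installs reproducible and easier to audit.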