add timeout, add extra paths

dolevf · Sep 20, 2021 · a6d83f4 · a6d83f4
1 parent 4bed935
commit a6d83f4
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 6 deletions.
diff --git a/graphw00f/helpers.py b/graphw00f/helpers.py
@@ -48,6 +48,7 @@ def draw_art():
 
 def possible_graphql_paths():
   return [
+    '/',
     '/graphql',
     '/graphiql',
     '/v1/graphql',
@@ -60,7 +61,8 @@ def possible_graphql_paths():
     '/api/graphiql',
     '/console',
     '/playground',
-    '/gql'
+    '/gql',
+    '/index.php?graphql'
   ]
 
 def get_engines():

diff --git a/graphw00f/lib.py b/graphw00f/lib.py
@@ -13,11 +13,13 @@ class GraphQLError(Exception):
 class GRAPHW00F:
   def __init__(self, headers,
                      cookies,
+                     timeout,
                      follow_redirects=False):
     self.url = 'http://example.com'
     self.cookies = cookies
     self.headers = headers
-    self.follow_redirects = follow_redirects
+    self.follow_redirects = follow_redirects,
+    self.timeout = timeout
 
   def check(self, url):
     query = '''
@@ -82,6 +84,7 @@ def graph_query(self, url, operation='query', payload={}):
                              cookies=self.cookies,
                              verify=False,
                              allow_redirects=self.follow_redirects,
+                             timeout=self.timeout,
                              json={operation:payload})
       return response.json()
     except:
@@ -505,4 +508,4 @@ def engine_tartiflette(self):
     if error_contains(response, 'syntax error, unexpected IDENTIFIER'):
       return True
 
-    return False
+    return False
diff --git a/main.py b/main.py
@@ -31,6 +31,7 @@ def main():
     parser.add_option('-t', '--target', dest='url', help='target url with the path')
     parser.add_option('-f', '--fingerprint', dest='fingerprint', default=False, action='store_true', help='fingerprint mode')
     parser.add_option('-d', '--detect', dest='detect', default=False, action='store_true', help='detect mode')
+    parser.add_option('-T', '--tim  eout', dest='timeout', default=10, help='timeout')
     parser.add_option('-o', '--output-file', dest='output_file', 
                             help='Output results to a file (CSV)', default=None)
     parser.add_option('-l', '--list', dest='list', action='store_true', default=False, 
@@ -62,11 +63,16 @@ def main():
     if not options.detect and not options.fingerprint:
       parser.print_help()
       sys.exit(1)
-
+
+    if not isinstance(options.timeout, int):
+      options.timeout = 10
+
     g = GRAPHW00F(follow_redirects=options.followredirect,
                   headers=conf.HEADERS,
-                  cookies=conf.COOKIES)
+                  cookies=conf.COOKIES,
+                  timeout=options.timeout)
     url = options.url
+
     url_scheme = urlparse(url).scheme
     url_netloc = urlparse(url).netloc
     detected = False

diff --git a/version.py b/version.py
@@ -1 +1 @@
-VERSION = '1.0.4'
+VERSION = '1.0.5'