add force option

dolevf · Nov 3, 2022 · a171a6e · a171a6e
1 parent b5de52b
commit a171a6e
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -37,12 +37,16 @@ Usage: graphql-cop.py -t http://example.com -o json
 
 Options:
   -h, --help            show this help message and exit
-  -t URL, --target=URL  target url with the path
+  -t URL, --target=URL  target url with the path - if a GraphQL path is not
+                        provided, GraphQL Cop will iterate through a series of
+                        common GraphQL paths
   -H HEADER, --header=HEADER
-                        Append Header to the request '{"Authorization":
-                        "Bearer eyjt"}'
-  -o OUTPUT_JSON, --output=OUTPUT_JSON
-                        Output results to stdout (JSON)
+                        Append Header(s) to the request '{"Authorization":
+                        "Bearer eyjt"}' - Use multiple -H for additional
+                        Headers
+  -o FORMAT, --output=FORMAT
+                        json
+  -f, --force           Forces a scan when GraphQL cannot be detected
   -x, --proxy           Sends the request through http://127.0.0.1:8080 proxy
   -v, --version         Print out the current version and exit
 ```

diff --git a/graphql-cop.py b/graphql-cop.py
@@ -28,6 +28,8 @@
 parser.add_option('-H', '--header', dest='header', action='append', help='Append Header(s) to the request \'{"Authorization": "Bearer eyjt"}\' - Use multiple -H for additional Headers')
 parser.add_option('-o', '--output', dest='format',
                         help='json', default=False)
+parser.add_option('-f', '--force', dest='forced_scan', action='store_true',
+                        help='Forces a scan when GraphQL cannot be detected', default=False)                        
 parser.add_option('--proxy', '-x', dest='proxy', action='store_true', default=False,
                         help='Sends the request through http://127.0.0.1:8080 proxy')
 parser.add_option('--version', '-v', dest='version', action='store_true', default=False,
@@ -87,8 +89,11 @@
 
 for path in paths:
     if not is_graphql(path, proxy, HEADERS):
-        print(path, 'does not seem to be running GraphQL.')
-        continue
+        if not options.forced_scan:
+            print(path, 'does not seem to be running GraphQL. (Consider using -f to force the scan if GraphQL does exist on the endpoint)')
+            continue
+        else:
+            print('Running a forced scan against the endpoint')
     for test in tests:
         json_output.append(test(path, proxy, HEADERS))
 

diff --git a/version.py b/version.py
@@ -1,2 +1,2 @@
 """Version details of graphql-cop."""
-VERSION = '1.11'
+VERSION = '1.12'