Obtain GraphQL API Schema even if the introspection is not enabled
Project description
Clairvoyance
Obtain GraphQL API schema even if the introspection is disabled.
Introduction
Some GraphQL APIs have disabled introspection. For example, Apollo Server disables introspection automatically if the NODE_ENV environment variable is set to production.
Clairvoyance helps to obtain GraphQL API schema even if the introspection is disabled. It produces schema in JSON format suitable for other tools like GraphQL Voyager, InQL or graphql-path-enum.
Getting Started
pip
pip install clairvoyance
clairvoyance https://rickandmortyapi.com/graphql -o schema.json
# should take about 2 minutes
docker
docker run --rm nikitastupin/clairvoyance --help
Advanced Usage
Which wordlist should I use?
There are at least three approaches:
- Use one of the wordlists collected by Escape Technologies
- Use general English words (e.g. google-10000-english).
- Create target specific wordlist by extracting all valid GraphQL names from application HTTP traffic, from mobile application static files, etc. Regex for GraphQL name is
[_A-Za-z][_0-9A-Za-z]*.
Environment variables
LOG_FMT=`%(asctime)s \t%(levelname)s\t| %(message)s` # A string format for logging.
LOG_DATEFMT=`%Y-%m-%d %H:%M:%S` # A string format for logging date.
LOG_LEVEL=`INFO` # A string level for logging.
Support
In case of questions or issues with Clairvoyance please refer to wiki or issues. If this doesn't solve your problem feel free to open a new issue.
Contributing
Pull requests are welcome! For major changes, please open an issue first to discuss what you would like to change. For more information about tests, internal project structure and so on refer to our contributing guide.
Documentation
You may find more details on how the tool works in the second half of the GraphQL APIs from bug hunter's perspective by Nikita Stupin talk.
Contributors
Thanks to the contributors for their work.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file clairvoyance-2.5.4.tar.gz.
File metadata
- Download URL: clairvoyance-2.5.4.tar.gz
- Upload date:
- Size: 55.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
eb1077fbd4f9ee72f98af90d9eab8a62834c77a2212400d70c3906e73dc66469
|
|
| MD5 |
d1c64f46d5b3bf01a77f8dce44df5b18
|
|
| BLAKE2b-256 |
42a384f9c993aae5f7a0ac72e1229573db8c87d2ae229607bfa3742a37e7b0bd
|
File details
Details for the file clairvoyance-2.5.4-py3-none-any.whl.
File metadata
- Download URL: clairvoyance-2.5.4-py3-none-any.whl
- Upload date:
- Size: 58.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
0324d495c83441850ecf59ad61c95bc38a55bd21a9334eac4efa6eaf8471c69e
|
|
| MD5 |
c504afb2f3b7a839881ad0fc08b8a98c
|
|
| BLAKE2b-256 |
5d263e380ffa79b45d72746396af6841f83a3573aa18104a5a565e8087498cd9
|
