https://hackerone.com/reports/1000567

https://hackerone.com/reports/887321

https://hackerone.com/security

https://meyerweb.com/eric/tools/dencoder

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch09/websockets_hijack.html

https://cloud.google.com/compute/docs/metadata/overview

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instancedata-data-retrieval.html

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch09/get_csrf_submit_auto.html

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch09/post_csrf_submit_auto.html

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch09/post_csrf_submit.html

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch08/paste_from_file.txt

https://graphql.org/code/#javascript-client

https://xsshunter.com

https://gtfobins.github.io

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch07/starwars-schema.json

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/queries/introspection_query.txt

https://jwt.io

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch07/password-brute-force.graphql

https://github.com/graphql-community/graphql-directive-auth

https://www.graphql-shield.com/docs/rules#logic-rules

https://www.the-guild.dev

https://github.com/autom8ter/oauth-graphql-ide

https://www.iana.org/assignments/media-types/media-types.xhtml

https://datatracker.ietf.org/doc/html/rfc6749

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/resources/non-production-graphql-urls.txt

https://github.com/nicholasaleks/graphql-threat-matrix

https://ivangoncharov.github.io/graphql-voyager

http://lab.blackhatgraphql.com:9000

https://graphql-rules.com/rules/naming

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/array_based_circular_queries.py

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/array_based_batch_query.py

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/exploit_directive_overloading.py

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/exploit_threaded_field_dup.py

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/field-duplication.graphql

https://spec.graphql.org/October2021/#sec-Schema-Introspection.Schema-Introspection-Schema

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/unsafe-circular-query.graphql

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/safe-circular-query.graphql

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/sdl.graphql

https://github.com/nicholasaleks/graphql-threat-matrix/blob/master/implementations/graphene.md

http://lab.blackhatgraphql.com:9001

https://github.com/anvilco/spectaql

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch04/sdl.graphql

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch04/common-graphql-endpoints.txt

https://github.com/graphql/graphql-js

https://github.com/webonyx/graphql-php

https://github.com/graphql/graphql-wg/blob/main/rfcs/DeferStream.md

https://github.com/graphql/graphql-spec/issues/204

https://github.com/Urigo/graphql-scalars

https://portswigger.net/web-security/websockets/what-are-websockets

https://github.com/dolevf/Black-Hat-GraphQL.git

https://github.com/EnableSecurity/wafw00f

https://portswigger.net/bappstore

https://portswigger.net/burp/documentation/desktop/penetration-testing

https://portswigger.net

https://pastebin.com

https://github.com/dolevf/Damn-Vulnerable-GraphQL-Application

https://www.docker.com

https://altair.sirmuel.design/docs/features

https://altair.sirmuel.design/#download

https://www.kali.org/docs/installation

https://www.kali.org/get-kali

https://offensive-security.com

https://www.virtualbox.org/wiki/Linux_Downloads

https://www.virtualbox.org/wiki/Downloads

https://exploit-db.com

http://lab.blackhatgraphql.com/graphiql

http://lab.blackhatgraphql.com/start

https://relay.dev

https://www.apollographql.com/docs/react/

https://graphql.org/foundation/

https://github.com/dolevf/Black-Hat-GraphQL

https://www.youtube.com/watch?v=nPB8o0cSnvM

https://www.youtube.com/watch?v=bCfKqPnt_8Y

https://www.youtube.com/watch?v=EVRf708-zq4

https://www.youtube.com/watch?v=aI-wI14D1nw

https://www.youtube.com/watch?v=NPDp7GHmMa0

https://www.youtube.com/watch?v=OQCgmftU-Og

https://www.youtube.com/watch?v=Wb0BO8J7024

https://www.youtube.com/watch?v=jyjGneKJynk

https://github.com/righettod/poc-graphql

https://github.com/0xbigshaq/hackmegraph

https://github.com/david3107/graphql-security-labs

https://attackdefense.com/challengedetailsnoauth?cid=1991

https://tryhackme.com

https://0xn3va.gitbook.io/cheat-sheets/web-application/graphql-vulnerabilities

https://blog.yeswehack.com/yeswerhackers/how-exploit-graphql-endpoint-bug-bounty

https://blog.doyensec.com/2018/05/17/graphql-security-overview.html

https://github.com/cyprosecurity/API-SecurityEmpire

https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/graphql

https://cheatsheetseries.owasp.org/cheatsheets/GraphQL_Cheat_Sheet.html

https://hackerone.com/reports/1122408

https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2020/CVE-2020-9483.yaml

https://hackerone.com/reports/435066

https://github.com/enisdenjo/graphql-ws

https://hackerone.com/reports/862835

http://nostarch.com

https://github.com/dolevf/Black-Hat-GraphQLen-US.

https://github.com/en-USgraphql/graphql-jsen-US

https://en-USgraphql.org/foundation/en-US

https://www.apollographql.com/docs/reacten-US

http://lab.blackhatgraphql.com/rest/v1/usersen-US[en-US

http://example.com

http://lab.blackhatgraphql.com/rest/v1/history/1en-US--snip--en-US[

http://lab.blackhatgraphql.com/starten-US.

http://lab.blackhatgraphql.com/graphiqlen-US.

https://www.virtualbox.org/wiki/en-USDownloadsen-US

http://en-US.virtualbox.org/wiki/Linux_Downloadsen-US.

https://www.kali.org/get-kalien-US.

https://www.kali.org/docs/installationen-US.en-USAfter

https://altair.sirmuel.design/#downloaden-US,

http://lab.blackhatgraphql.com/graphqlen-US.

https://altair.sirmuel.design/docs/featuresen-US.en-USNOTEen-US

https://en-USgithub.com/dolevf/Damn-Vulnerable-GraphQL-Applicationen-US.

https://github.com/dolevf/Damn-Vulnerable-G

http://app.py

https://en-USportswigger.net/burp/documentation/desktop/penetration-testingen-US

https://github.com/nikitastupin/clairvoyance.giten-US#

http://__main__.py

https://github.com/doyensec/inql.giten-US#

http://setup.py

http://en-US.net/bappstoreen-US

https://github.com/EnableSecurity/wafw00fen-US

https://github.com/dolevf/graphw00f.giten-US#

http://main.py

https://github.com/assetnote/batchql.giten-USVerify

http://batch.py

https://example.com/grap

https://github.com/dolevf/nmap-graphql-introspection-nse.giten-US#

https://nmap.org

https://nmap.org/nsedoc/scripts/graphql-introspection.htmlen-USIdentifies

https://graphql.org/learn/introspection/en-USCommixen-USCommand

https://gitlab.com/dee-see/graphql-path-enum/-/jobs/artifacts/v1.1

https://github.com/dolevf/graphql-cop.giten-US#en-US

http://graphql-cop.py

https://github.com/nicholasaleks/CrackQL.giten-US#en-US

http://CrackQL.py

https://github.com/dolevf/en-US

https://portswigger.net/web-security/websockets/en-USwhat-are-websocketsen-US.en-USBecause

https://github.com/Urigo/graphql-scalarsen-US

https://github.com/graphql/graphql-spec/en-USissues/204en-US

https://github.com/graphql/graphql-wg/blob/en-USmain/rfcs/DeferStream.mden-US

https://tools.ietf.org/html/rfc4122

https://github.com/nicholasaleks/graphql-threaten-US

https://github.com/webonyx/en-USgraphql-phpen-US

http://en-US.com/graphql/graphql-jsen-US

http://GraphQLView.as

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/en-US

https://graphql.org/learn/introspection/en-USListing

https://github.com/dolevf/Black-Hat-GraphQL/blob/en-USmaster/queries/introspection_query.txten-US.

http://en-US.io/graphql-voyageren-US

http://en-US.com/dolevf/Black-Hat-GraphQL/blob/master/ch04/sdl.graphqlen-US.

https://github.com/anvilco/spectaqlen-US

https://apache.org/en-USHTTP/2

https://github.com/nicholasaleksen-US

https://github.com/nicholasaleks/graphql-threat-matrix/en-USblob/master/implementations/graphene.mden-US.en-USFigure

https://en-USgithub.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/sdl.graphqlen-US.

http://en-USivangoncharov.github.io/graphql-voyageren-US

https://en-USgithub.com/dolevf/Black-Hat-GraphQL/blob/master/queries/introspection_query.txten-US

https://en-USgithub.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/safe-circular-query.graphqlen-US.

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/ch05/en-USunsafe-circular-query.graphqlen-US.

https://spec.graphql.org/October2021/#sec-Schema-Introspectionen-US

https://github.com/dolevf/Black-Hat-GraphQL/en-USblob/master/ch05/

http://requests.post

http://r.elapsed.total

https://github.com/dolevf/Black-Hat-GraphQL/en-USblob/master/ch05/exploit_threaded_

http://exploit_threaded_field_dup.py

https://github.com/dolevf/Blacken-US

http://exploit_directive_overloading.py

https://github.com/en-USdolevf/Black-Hat-GraphQL/blob/master/ch05/array_based_batch_query.pyen-US.en-USSave

https://github.com/dolevf/Black-Hat-GraphQL/blob/

https://github.com/nicholasaleks/en-USgraphql-threat-matrixen-US

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/resources/en-USnon-production-graphql-urls.txten-US.en-USIf

https://graphql-rules.com/rules/namingen-US.en-USStuf

https://github.com/nicholasaleks/high-frequency-vocabularyen-USNow

http://en-US.io/graphql-voyageren-US,

http://sqlalche.me/e/13/gkpj

https://github.com/nicholasaleks/graphql-threat-matrixen-US

http://example.com/graphql?debug=1en-USDevelopers

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/resources/non-productionen-US

https://en-USdatatracker.ietf.org/doc/html/rfc6749en-US.en-USImagine

https://www.iana.org/assignments/en-USmedia-types/media-types.xhtmlen-US.

https://en-USgithub.com/autom8ter/oauth-graphql-ideen-US.en-USGraphQL

https://www.graphql-shield.com/en-USdocs/rules#logic-rulesen-US.en-USSchema

https://github.com/graphql-community/en-USgraphql-directive-authen-US

https://github.com/en-USdolevf/Black-Hat-GraphQL/blob/master/ch07/password-brute-force.graphqlen-US.en-USEach

http://en-US.com/dolevf/Black-Hat-GraphQL/blob/master/queries/introspection_query.txten-US

https://en-USgithub.com/dolevf/Black-Hat-GraphQL/blob/master/ch07/starwars-schema.jsonen-US.en-USBrute-Forcing

http://example.com/file.zip

http://config.py

http://requirements.txten-USsetup.py

http://helpers.run

http://en-UShelpers.run

http://example.com/graphql?query=query%20%7B%0A%20%20hello

http://example.com/graphql?query=query

https://graphql.org/en-UScode/#javascript-clienten-US.en-USTesting

https://github.com/dolevf/Black-Hat-GraphQL/blob/master/en-USch08/paste_from_

https://github.com/en-USdolevf/Black-Hat-GraphQL/blob/master/ch09/post_csrf_submit.htmlen-US.

https://github.com/dolevf/en-USBlack-Hat-GraphQL/blob/master/ch09/post_csrf_submit_auto.htmlen-US

https://github.com/dolevf/Black-Haten-US

http://lab.blackhatgraphql.com/cat.pngen-US

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/en-USinstancedata-data-retrieval.htmlen-US

http://en-US.google.com/compute/docs/metadata/overviewen-US.en-USAttackers

http://en-US.blackhatgraphql.com/cat.pngen-US,

https://pastebin.com/en-USraw/LQ6u1qyien-US.

http://pastebin.com

https://pastebin.com:443/en-USraw/LQ6u1qyien-US

https://github.com/dolevf/en-USBlack-Hat-GraphQL/blob/master/ch09/websockets_hijack.htmlen-US

http://event.data

http://en-US.com/eric/tools/dencoderen-US

http://sys.stdin.read

https://hackerone.com/securityen-US.en-USIn

http://en-US.com/reports/887321en-US

https://hackerone.com/reports/1000567en-US

http://en-USgitlab.com/gitlab-org/gitlab/-/issues/30096en-US

https://hackerone.com/en-USreports/1192460en-US

https://hackerone.com/reports/980511en-US

https://hackerone.com/reports/342978en-US

http://en-UShackerone.com/reports/633001en-US

https://en-USdocs.gitlab.com/ee/api/graphql/referenceen-US.en-USDisclosing

https://hackerone.com/reports/707433en-US

https://hackerone.com/reports/862835en-US

https://github.com/enisdenjo/graphql-wsen-US

https://hackerone.com/reports/435066en-US

http://e.cause.is

https://hackerone.com/graphql

https://github.com/projectdiscovery/en-USnuclei-

http://blackhatgraphql.com/graphql?endpoint=http://en-USattacker.com/graphql?query={__typename}en-US.

https://hackerone.com/reports/1122408en-US

https://gitlab.com/api/graphql/

https://cheatsheetseries.owasp.org/en-US

https://book.hacktricks.xyz/network-servicesen-US

https://github.com/en-UScyprosecurity/API-SecurityEmpireen-US

https://blog.doyensec.com/2018/05/17/graphql-securityen-US

https://blog.yeswehack.com/en-USyeswerhackers/how-exploit-graphql-endpoint-bug-bountyen-US

http://en-US.io/cheat-sheets/web-application/graphql-vulnerabilitiesen-US

https://attackdefense.com/challengedetailsen-USnoauth?cid=1991en-US

https://github.com/david3107/en-USgraphql-security-labsen-US

https://github.com/0xbigshaq/hackmegraphen-US

https://github.com/righettod/poc-graphqlen-US

http://en-US.youtube.com/watch?v=jyjGneKJynken-US

https://www.youtube.com/watch?ven-US

https://www.youtube.com/watch?v=OQCgmftU-Ogen-US

http://en-US.com/watch?v=NPDp7GHmMa0en-US

https://www.youtube.com/watch?v=aI-wI14D1nwen-US

https://www.youtube.com/watch?v=EVRf708-zq4en-US

https://www.youtube.com/watch?v=bCfKqPnt_8Yen-US

https://www.youtube.com/watch?v=nPB8o0cSnvMen-US

https://nostarch.com/black-hat-graphqlen-US