A vulnerable graphQL application, for testing purposes

Vulnerable-GoQL

Vulnerable-GoQL is a web API that deliberately implements common security flaws, so that it can be used as a target for security testing.

Contributors

  • Thomas Chastaingt @thomas-chastaingt
  • Sophie Boulaaouli @sophiebl

Requirements

Make sure the following dependencies are installed:

Running

Start the backend (http://localhost:3000):

$ cd vulnql/server
$ go mod download
$ go run main.go

Start the frontend (http://localhost:8080/):

$ cd vulnql/client
$ npm run serve

Codebase

Technologies

Here is a list of the main technologies we use:

- Go (backend)
- Vue (frontend)
- GraphQL (data modeling)

Back-end structure

.
├── _app
│   └── config.go
├── _bin
├── _database
│   └── database.go
├── _scripts
│   ├── run_mac.sh
│   └── run_linux.sh
├── _graphql
│   ├── _mutations
│   │   ├── mutations.go
│   │   └── user.go
│   └── _queries
│       ├── queries.go
│       └── user.go
├── _security
│   └── security.go
├── _types
│   ├── role.go
│   └── user.go
└── main.go

Owner

Escape (API Discovery and Security Testing using Machine Learning)