Merge pull request #15 from halfluke/main

multiple headers, increased GET timeout, for_loop search for Graphiql…
dolevf · Aug 29, 2022 · 497ab18 · 497ab18
2 parents 8788e5c + 2c5a3f8
commit 497ab18
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 16 deletions.
diff --git a/graphql-cop.py b/graphql-cop.py
@@ -25,7 +25,7 @@
 
 parser = OptionParser(usage='%prog -t http://example.com -o json')
 parser.add_option('-t', '--target', dest='url', help='target url with the path')
-parser.add_option('-H', '--header', dest='header', help='Append Header to the request \'{"Authorization": "Bearer eyjt"}\'')
+parser.add_option('-H', '--header', dest='header', action='append', help='Append Header(s) to the request \'{"Authorization": "Bearer eyjt"}\' - Use multiple -H for multiple Headers')
 parser.add_option('-o', '--output', dest='format',
                         help='json', default=False)
 parser.add_option('--proxy', '-x', dest='proxy', action='store_true', default=False,
@@ -54,8 +54,9 @@
 
 if options.header != None:
     try:
-        extra_headers = loads(options.header)
-        HEADERS.update(extra_headers)
+        for l in options.header:
+            extra_headers = loads(l)
+            HEADERS.update(extra_headers)
     except:
         print("Cannot cast %s into header dictionary. Ensure the format \'{\"key\": \"value\"}\'."%(options.header))
 

diff --git a/lib/tests/info_graphiql.py b/lib/tests/info_graphiql.py
@@ -15,19 +15,23 @@ def detect_graphiql(url, proxy, headers):
   }
 
   heuristics = ('graphiql.min.css', 'GraphQL Playground', 'GraphiQL', 'graphql-playground')
-  endpoints = ['/graphiql', '/playground', '/console', '/graphql']
+  endpoints = ['graphiql', 'playground', 'console', 'graphql']
 
   parsed = urlparse(url)
-  url = '{}://{}'.format(parsed.scheme, parsed.netloc)
 
-  for endpoint in endpoints:
-    response = request(url + endpoint, proxies=proxy, headers=headers)
-    res['curl_verify'] = curlify(response)
-    try:
-      if response and any(word in response.text for word in heuristics):
-        res['result'] = True
-        break
-    except:
-      pass
+  truepath = ""
+  pathlist = parsed.path.split('/')
+  for p in range(0, len(pathlist)):
+    truepath += pathlist[p] + '/'
+    url = '{}://{}{}'.format(parsed.scheme, parsed.netloc, truepath)
+    for endpoint in endpoints:
+      response = request(url + endpoint, proxies=proxy, headers=headers)
+      res['curl_verify'] = curlify(response)
+      try:
+        if response and any(word in response.text for word in heuristics):
+          res['result'] = True
+          break
+      except:
+        pass
 
   return res
diff --git a/lib/utils.py b/lib/utils.py
@@ -60,7 +60,7 @@ def request(url, proxies, headers, params=None, data=None, verb='GET'):
                             verify=False,
                             allow_redirects=True,
                             proxies=proxies,
-                            timeout=5,
+                            timeout=20,
                             data=data)
     return response
   except:

diff --git a/version.py b/version.py
@@ -1,2 +1,2 @@
 """Version details of graphql-cop."""
-VERSION = '1.7'
+VERSION = '1.8'