id: graphql-php-detect
info:
  name: Graphql PHP Detect
  author: princechaddha
  severity: info
  reference:
    - https://github.com/dolevf/graphw00f/blob/main/graphw00f/lib.py
  tags: tech,graphql,php

http:
  - method: POST
    path:
      - "{{BaseURL}}/graphql"
      - "{{BaseURL}}/api/graphql"
      - "{{BaseURL}}/query"
      - "{{BaseURL}}/"
    body: '{"query":"query ! {__typename}"}'
    headers:
      Content-Type: application/json
    redirects: true

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200
          - 400

      - type: word
        words:
          - 'Syntax Error: Cannot parse the unexpected character "!".'
        part: body
# digest: 4a0a0047304502200eebe1f165621295c0b78894607b538b5ff6e5792f41bafb9fb521b1342c78ab0221009e33de353773b644df20b90c6ad4eb4ef222c2367314efa5b0fb9ebde1321355:922c64590222798bb761d5b6d8e72950