CyberStrikeAI/tools/graphql-scanner.yaml
2025-11-09 14:59:56 +08:00


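name: "graphql-scanner"
command: "graphqlmap"
enabled: true
# short_description, in English: GraphQL security scanning and introspection tool
short_description: "GraphQL安全扫描和自省工具"
# description, in English: advanced GraphQL security scanning and introspection
# tool for detecting security issues in GraphQL APIs.
# Main features: GraphQL introspection, query depth testing, mutation testing,
# vulnerability assessment.
# Use cases: GraphQL security testing, API security assessment, vulnerability
# discovery, security testing.
description: |
  高级GraphQL安全扫描和自省工具,用于检测GraphQL API中的安全问题。
  **主要功能:**
  - GraphQL自省
  - 查询深度测试
  - 突变操作测试
  - 漏洞评估
  **使用场景:**
  - GraphQL安全测试
  - API安全评估
  - 漏洞发现
  - 安全测试
parameters:
  # GraphQL endpoint URL
  - name: "endpoint"
    type: "string"
    description: "GraphQL端点URL"
    required: true
    flag: "-u"
    format: "flag"
  # Test introspection queries
  - name: "introspection"
    type: "bool"
    description: "测试自省查询"
    required: false
    default: true
    flag: "--introspection"
    format: "flag"
  # Maximum query depth to test
  - name: "query_depth"
    type: "int"
    description: "要测试的最大查询深度"
    required: false
    default: 10
    flag: "--depth"
    format: "flag"
  # Test mutation operations
  - name: "test_mutations"
    type: "bool"
    description: "测试突变操作"
    required: false
    default: true
    flag: "--mutations"
    format: "flag"
  # Extra graphql-scanner arguments, for options not defined in the list above.
  # Notes from the description: separate multiple arguments with spaces; make
  # sure the argument format is correct to avoid command injection; this
  # parameter is appended directly to the end of the command.
  - name: "additional_args"
    type: "string"
    description: |
      额外的graphql-scanner参数。用于传递未在参数列表中定义的graphql-scanner选项。
      **示例值:**
      - 根据工具特性添加常用参数示例
      **注意事项:**
      - 多个参数用空格分隔
      - 确保参数格式正确,避免命令注入
      - 此参数会直接追加到命令末尾
    required: false
    format: "positional"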
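
The `additional_args` description warns that its value is appended directly to the command, so the runner has to keep that string away from a shell. The sketch below is an added example, not CyberStrikeAI's own code: it builds an argument vector from the parameter list above and rejects shell metacharacters and option-like values. `PARAMS`, `SHELL_META` and `build_argv` are hypothetical names, and the way bool flags are rendered is an assumption.

```python
import shlex

# Constructed copy of the parameter list above: same names, flags and formats.
PARAMS = [
    {"name": "endpoint", "type": "string", "flag": "-u", "required": True},
    {"name": "introspection", "type": "bool", "flag": "--introspection", "default": True},
    {"name": "query_depth", "type": "int", "flag": "--depth", "default": 10},
    {"name": "test_mutations", "type": "bool", "flag": "--mutations", "default": True},
    {"name": "additional_args", "type": "string", "format": "positional"},
]
# Characters a shell would interpret; rejected in case a caller ever joins argv.
SHELL_META = set(";|&$`<>(){}\\\n\r")


def build_argv(command, params, values):
    """Hypothetical helper: turn parameter values into an argv list for
    subprocess.run(argv, shell=False), so no shell ever parses user input."""
    argv = [command]
    for p in params:
        val = values.get(p["name"], p.get("default"))
        if val is None:
            if p.get("required"):
                raise ValueError(f"missing required parameter: {p['name']}")
            continue
        if p.get("format") == "positional":
            # additional_args: split like a shell would, but without running one.
            if SHELL_META & set(val):
                raise ValueError(f"shell metacharacter in {p['name']}")
            argv.extend(shlex.split(val))  # unbalanced quotes raise ValueError
        elif p["type"] == "bool":
            # Assumption: a true bool emits the bare flag, false emits nothing.
            if val:
                argv.append(p["flag"])
        else:
            text = str(int(val)) if p["type"] == "int" else str(val)
            if text.startswith("-"):
                # A value that looks like an option would change the tool's flags.
                raise ValueError(f"option-like value for {p['name']}")
            argv.extend([p["flag"], text])
    return argv
```

Passing the returned list to `subprocess.run(argv, shell=False)` means the metacharacter check is a second layer rather than the only one.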