NeuroSploit/prompts/agents/graphql_introspection.md
CyberSecurityUP 7563260b2b NeuroSploit v3.2.3 - Multi-Agent Security Testing Framework
- Added 107 specialized MD-based security testing agents (per-vuln-type)
- New MdAgentLibrary + MdAgentOrchestrator for parallel agent dispatch
- Agent selector UI with category-based filtering on AutoPentestPage
- Azure OpenAI provider support in LLM client
- Gemini API key error message corrections
- Pydantic settings hardened (ignore extra env vars)
- Updated .gitignore for runtime data artifacts

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-16 18:59:22 -03:00

GraphQL Introspection Specialist Agent

User Prompt

You are testing {target} for GraphQL Introspection Exposure.

Recon Context: {recon_json}

METHODOLOGY:

1. Find GraphQL Endpoint

  • Common: /graphql, /gql, /api/graphql, /v1/graphql

2. Test Introspection

{__schema{queryType{name}mutationType{name}types{name fields{name type{name}}}}}

3. Analyze Schema

  • Sensitive types: User, Admin, Payment, Secret
  • Dangerous mutations: deleteUser, updateRole, transferFunds
  • Internal types not meant for public access

4. Report

'''
FINDING:
  • Title: GraphQL Introspection Enabled at [endpoint]
  • Severity: Low
  • CWE: CWE-200
  • Endpoint: [GraphQL URL]
  • Types Found: [count]
  • Sensitive Types: [list]
  • Impact: Full API schema exposure
  • Remediation: Disable introspection in production
'''
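An added example of the remediation named in the report template, not code from the NeuroSploit project: a request-level gate that refuses documents naming the `__schema` or `__type` introspection fields when the server runs in production, while leaving `__typename` (which clients rely on for caching) untouched. The tokenizer, the `introspection_gate` function and the `{"query": ...}` body shape are assumptions of this example; where the server is built on graphql-js or graphql-core, the library's own `NoSchemaIntrospectionCustomRule` validation rule is the preferred way to get the same effect.

```python
import json
import re

# Tokenizer for the parts of a GraphQL document that matter here: block strings,
# ordinary strings and comments are consumed whole so that a "__schema" inside a
# string argument or a comment does not trigger the gate; names are matched as
# whole tokens so that __typename is not confused with __type.
_TOKEN = re.compile(
    r'"""(?:\\.|(?!""").)*"""'   # block string
    r'|"(?:\\.|[^"\\\n])*"'      # string
    r'|#[^\n]*'                  # comment
    r'|[_A-Za-z][_0-9A-Za-z]*',  # name
    re.S,
)
INTROSPECTION_FIELDS = {"__schema", "__type"}


def uses_introspection(document: str) -> bool:
    """True if the document names the __schema or __type root fields anywhere.
    Aliases and whitespace do not matter, because names are compared as tokens."""
    for match in _TOKEN.finditer(document):
        token = match.group(0)
        if token[0] in '"#':
            continue  # string literal or comment, not a field name
        if token in INTROSPECTION_FIELDS:
            return True
    return False


def introspection_gate(request_body: str, production: bool):
    """Gate to run before the executor (assumed helper, not a library API).
    Returns None to let the request through, or the JSON error body to send
    back with HTTP 400 when introspection is refused in production."""
    try:
        document = json.loads(request_body).get("query", "")
    except (ValueError, AttributeError):
        return {"errors": [{"message": "Malformed GraphQL request body"}]}
    if production and uses_introspection(document):
        return {"errors": [{"message": "GraphQL introspection is disabled in production"}]}
    return None


if __name__ == "__main__":
    # Constructed request bodies: one introspection query, one ordinary query.
    for body in ('{"query": "{__schema{types{name}}}"}', '{"query": "{ me { id __typename } }"}'):
        print(body, "->", introspection_gate(body, production=True))
```

Keep the gate on the production code path only; development and staging servers usually want introspection left on so tooling and clients can load the schema.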

System Prompt

You are a GraphQL Introspection specialist. Introspection enabled in production is Low severity for public APIs, Medium for APIs with sensitive internal types. The value is informational — it enables further testing but is not directly exploitable. Focus on identifying sensitive types and mutations revealed.
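An added example for the schema-analysis and reporting steps of the methodology, written for this page and not taken from the NeuroSploit prompt file: it parses the JSON a server returns for the introspection query in step 2, applies the sensitive-type and dangerous-mutation lists from step 3 and the severity rule stated in the system prompt, and fills in the fields of the report template. The sample responses, the endpoint URL and the `analyze_introspection` function are constructed for the example; the word matching on CamelCase names is a heuristic.

```python
import json
import re

# Word lists from the methodology's "Analyze Schema" step (compared case-insensitively).
SENSITIVE_TYPES = {"user", "admin", "payment", "secret"}
DANGEROUS_MUTATIONS = {"deleteuser", "updaterole", "transferfunds"}

# Constructed sample: what a server with introspection still enabled might answer to
# {__schema{queryType{name}mutationType{name}types{name fields{name type{name}}}}}
SAMPLE_RESPONSE = json.dumps({"data": {"__schema": {
    "queryType": {"name": "Query"},
    "mutationType": {"name": "Mutation"},
    "types": [
        {"name": "Query", "fields": [{"name": "me", "type": {"name": "User"}}]},
        {"name": "Mutation", "fields": [
            {"name": "updateRole", "type": {"name": "User"}},
            {"name": "login", "type": {"name": "AuthPayload"}}]},
        {"name": "User", "fields": [{"name": "id", "type": {"name": "ID"}}]},
        {"name": "PaymentMethod", "fields": [{"name": "last4", "type": {"name": "String"}}]},
        {"name": "AuthPayload", "fields": [{"name": "token", "type": {"name": "String"}}]},
        {"name": "String", "fields": None},
        {"name": "__Schema", "fields": []},
    ]}}})

# Constructed sample of a server that refuses introspection: no __schema under data.
DISABLED_RESPONSE = json.dumps(
    {"errors": [{"message": "introspection is not allowed"}], "data": None})


def _words(name):
    """Split a CamelCase or snake_case GraphQL name into lowercase words."""
    return [w.lower() for w in re.findall(r"[A-Z]+[a-z]*|[a-z]+", name)]


def _is_sensitive(type_name):
    return any(w in SENSITIVE_TYPES for w in _words(type_name))


def analyze_introspection(response_text, endpoint):
    """Return the report fields for an enabled-introspection finding, or None when
    the response carries no __schema (introspection refused, or not a GraphQL endpoint)."""
    body = json.loads(response_text)
    schema = (body.get("data") or {}).get("__schema")
    if not schema:
        return None
    # Built-in introspection types (__Schema, __Type, ...) are not part of the API surface.
    api_types = [t for t in schema.get("types", []) if not t["name"].startswith("__")]
    sensitive = sorted(t["name"] for t in api_types if _is_sensitive(t["name"]))
    mutation_root = (schema.get("mutationType") or {}).get("name")
    dangerous = sorted(
        f["name"]
        for t in api_types if t["name"] == mutation_root
        for f in (t.get("fields") or [])
        if f["name"].lower() in DANGEROUS_MUTATIONS)
    # Severity rule from the system prompt: Low for a public API, Medium once
    # sensitive internal types are exposed.
    severity = "Medium" if sensitive else "Low"
    return {
        "title": f"GraphQL Introspection Enabled at {endpoint}",
        "severity": severity,
        "cwe": "CWE-200",
        "endpoint": endpoint,
        "types_found": len(api_types),
        "sensitive_types": sensitive,
        "dangerous_mutations": dangerous,
        "impact": "Full API schema exposure",
        "remediation": "Disable introspection in production",
    }


if __name__ == "__main__":
    # Constructed endpoint URL, used only to fill the report fields.
    print(json.dumps(analyze_introspection(SAMPLE_RESPONSE, "https://example.test/graphql"), indent=2))
```

The `None` return is the case the agent must handle before reporting anything: an error body such as "introspection is not allowed" means the control is in place and there is no finding.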