Welcome to InQL v6.0, a major update for our open-source GraphQL testing tool. This version provides new and improved features designed to enhance your GraphQL testing experience, making it more efficient and effective.

We appreciate your trust in InQL. Happy testing!

InQL v6.0 release is focused on improving performance and overall responsiveness of the tool. The whole project has been rewritten into the Kotlin programming language, resulting in a significant speed increase when parsing large GraphQL schemas.

The version v6.0 also moves away from the soon-to-be-deprecated GQLSpection library. Instead, the tool now uses graphql-java. This shift allows us to concentrate on implementing new security-related features without the added complexity of maintaining the GraphQL parsing library. Additionally, the Java library is faster and more compatible with our Kotlin rewrite.

The new release also brings new important features such as:

• A built-in GraphiQL and GraphQL Voyager servers, enabling schema visualization even when the target system doesn’t expose such interfaces
• A circular references detector to identify potentially vulnerable fields
• An improved batch queries screen
• Speeeeeed! 🚀

The InQL user interface is equipped with two primary components: the Scanner and the Batch Queries tab.

The Scanner is the core of InQL, where you can analyze a GraphQL endpoint or a local introspection schema file. It auto-generates all possible queries, mutations, and subscriptions, organizing them into a structured view for your analysis.

✅ Customizable Scans

InQL offers the flexibility to customize your scans. Adjust the depth of generated queries or the number of spaces used for indentation. You can also perform 'Points of Interest' scans to detect potential vulnerabilities in the GraphQL schema.

✅ Points of Interest Analysis

After running a Points of Interest scan, you are presented with a rich data set covering a variety of potential vulnerabilities. You can enable or disable these categories according to your needs.

✅ Circular References Detection

InQL implements circular reference detection. After analyzing the schema, it displays potentially vulnerable queries in the scanner results view.

✅ Enhanced Interactions with Burp

InQL seamlessly integrates with Burp, enabling you to generate queries directly from any GraphQL request in Burp. You can also send auto-generated queries to other Burp tools for further analysis.

✅ Custom Headers

You have the ability to set custom headers per domain, with the domain list auto-populated from observed traffic.

The Batch Queries tab lets you run batch GraphQL attacks, which can be useful for circumventing poorly implemented rate limits.

Burp's native message editors now come with an additional 'GraphQL (InQL)' tab, providing an efficient way to view and modify GraphQL requests. It also supports schema highlighting for better readability.

InQL now implements GraphiQL and GraphQL Voyager servers. You can send the analysed schame into them to enhance the analysis even further!

To successfully install InQL, ensure you meet the following requirements:

Burp:

• Support is only provided for the most recent version of Burp.
• Compatible with both "Professional" and "Community" editions.

Java:

• The Montoya API needs Java 17 or later.

1. Install Java 17+, for example in Debian-based distros:

$ sudo apt install -y openjdk-17-jdk
$ java --version
openjdk 17.0.6 2023-01-17

2. Install our build tool - Taskfile:

$ # Mac OS & Homebrew:
$ brew install go-task
$ # Debian
$ sudo apt install -y task

2. Clone the repo and pull submodules:

$ git clone https://github.com/doyensec/inql
$ cd inql
$ # Optionally, checkout dev branch (might be broken / unstable!)
$ git checkout dev

3. Build the InQL extension:

$ task all

This should produce a file named InQL.jar or similar in the root of the repo. Load it into Burp as a Java extension.

Development environment

If you want to contribute to the project, no special environment is needed. You can simply re-build the project every time you implement a change.

To speed up the work on the code, you might want to auto-rebuild the extension whenever you make a change. Just run kotlin task with the --watch / -w flag and you're good to go:

$ task kotlin -w

InQL thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve InQL, making it a stronger tool for the community.

Interactions are best carried out through the Github issue tracker, but you can also reach us on social media (@Doyensec). We look forward to hearing from you!

A special thanks to our contributors. Your dedication and commitment have been instrumental in making InQL what it is today.

Current:

• Maintainer: Bartłomiej Górkiewicz @bartek-doyensec (Github)
• Contributor: Savio Sisco @lokiuox (Github)

Historical:

• Author: Andrea Brancaleoni @nJoyneer (Twitter) / thypon (Github)
• Maintainer: Andrew Konstantinov @execveat (Twitter) / @execveat (Mastodon)
• Contributor: Matteo Oldani @matteoldani (Github)
• List of other contributors: AUTHORS

This project was made with support of Doyensec.