Skip to content

scan graphql

Run security scans against a GraphQL endpoint, including checks for introspection exposure and other GraphQL-specific vulnerabilities.

Terminal window
vulnapi scan graphql <ENDPOINT> [flags]

Accepts all common flags.

Scan a GraphQL endpoint with a bearer token

Terminal window
vulnapi scan graphql https://api.example.com/graphql \
-H "Authorization: Bearer <token>"

Scan through a proxy

Terminal window
vulnapi scan graphql https://api.example.com/graphql \
-H "Authorization: Bearer <token>" \
--proxy http://localhost:8080

Output results as JSON

Terminal window
vulnapi scan graphql https://api.example.com/graphql \
--report-format json \
--report-file report.json
CodeMeaning
0Scan completed successfully
1Fatal error (invalid URL, network failure, etc.)

When a finding exceeds --severity-threshold, additional output is written to stderr. See exit behaviour.