[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-7612":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":35,"readmeContent":36,"aiSummary":37,"trendingCount":16,"starSnapshotCount":16,"syncStatus":38,"lastSyncTime":39,"discoverSource":40},7612,"inql","doyensec\u002Finql","doyensec","InQL is a robust, open-source Burp Suite extension for advanced GraphQL testing, offering intuitive vulnerability detection, customizable scans, and seamless Burp integration.","https:\u002F\u002Fdoyensec.com\u002F",null,"Kotlin",1781,186,25,28,0,3,8,57.12,"Apache License 2.0",false,"master",[24,25,26,27,28,29,30,31,32,33,34],"api-documentation-tool","bugbounty","bugbounty-tool","burp-extensions","burpsuite","graphql","graphql-security","penetration-testing","security-audit","security-scanner","security-tools","2026-06-12 04:00:35","# InQL v6.1.2 - Burp Extension for Advanced GraphQL Testing\n\n[![Doyensec Research Island](https:\u002F\u002Fimg.shields.io\u002Fstatic\u002Fv1?logo=data:image\u002Fpng;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAgCAMAAABEpIrGAAAABGdBTUEAALGPC\u002FxhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAACLlBMVEUsJx8sJx8sJx8tJx8xKiAvKR8rJx8uKB+CWCu7eDK5dzKxcjFTPSQqJh9nSCfskzn4mjv3mjr5mzurbzAwKSCiaS\u002F3mTr0mDr1mTr1mDrqkjlrSicpJR9RPCTaijf2mTrjjjigaS+YZC6ZZS6ZZC6aZS7Vhja\u002FejM5LiErJh+JWyxxTignJB4oJR55UinxljrylzqCVyspJh9BMyLHfzTFfjQ+MSE4LiG5djLRhDVINyPvlTmKXCxOOiN2USl1UCh0TyhENSJkRyfpkjibZi40LCDXiDZOOiRgRCbljzf0lzn1mDmgaC4tKB+iai\u002FhjTdcQiZdQybljzikay+dZi73mDnkjjdhRSZSPCTbijeyczEyKyDmkDjXhzX2mDn3mTm2dTGJXCztlDlzTylMOSM2LCCEWCr1lznvlDh3USk9MSF\u002FVirwljl8VCrBezLJfzNCMyJwTiiLXSxQOyTijjivcTEoJR\u002F0mDnwlTluTChDNCLWhza8eTMzKyCLXCzslDlENCLKgDTDfDM8MCF7VCrxlzoyKiCOXyzrkzlvTShHNiPPgzVbQiVUPiTeizeucDCTYS1qSidlRyelay\u002FfjDdYQCWobTA2LSCVYi2qbjDcijc1LCBYPyVbQSVJNyM6LyG8eDJFNSJrSyiQYC3zlzrBezPLgTTShTW6dzKEWSt6UymWYy3AezORYC2XYy3aiTa4djJaQSViRiawcjH6nDv4mjqeZy6faC5LOSP\u002F\u002F\u002F\u002F0Gs0gAAAAAnRSTlPw8aiV7g8AAAABYktHRLk6uBZgAAAAB3RJTUUH5wQDChERFF4OgAAAAhhJREFUOMuNk\u002FdXE0EQx8lJNkgcwiLe7eLqAIq6ogYPBaWogFjAEAWxixqsxK5gLygigigasUWw99798wwE3puY98DPr\u002FO5u5nvzSQkGCPiGKVuGP8jjEmMw8mo4Eoam\u002FwP7nFABEjxpPJY0san0x6cE0zLskhdyIyJiggwaTKKzKzsKVGm5kxDPn2GJlPATCk9ubNgiNlzvDJvrk0EnT8P+fyCyDNaKaVZ4QITFxYByUHlFkurBAxdumjxkjKtyisELqVBsUo3x2XLAVasrKpe5WPOGi78q4EkqdbUCl7nYq619dXr1gNs2Ih802ZGovbloNhSbkPp1oZt2ysZ7JAy0KiIADsjsyXvYrC7as\u002FefSradpMmPwuCeXL\u002FAdAFBxvqDx3W6khAWkcZFY4dF6nNLqOlBE+cPKXg9BnkZ88RQZ+35IVGgIutyC9d1qrNK68kkU8M9u1uZ\u002FqqkB3XFHR2ReIuJIKzxhT+6wDdNwS\u002FmciMHpQVt2ySw+0MgdkGSw+Z4k4v2L1+we86SZL3mgOe1k5QKR0S7zPW\u002FsDEh90kSRZ+1NfXz\u002FTjJyZ2PQX1LCDlcx2ztLZSYKjgC+kN2rrpJeKr\u002FFhhcJL+14hvwqrlrSWL39F9GOY9WvLDx55PnwX\u002FEmZxgvqaKSxLDOykqP1mxx0OC3\u002F\u002F8XOItCxf\u002FGVB0a9QXZTQ7z8QLwy8ZBgdc1mj3KZj5LrjL1F7eEeDTryKAAAAJXRFWHRkYXRlOmNyZWF0ZQAyMDIzLTA0LTAzVDEwOjE3OjEyKzAwOjAwECxG2gAAACV0RVh0ZGF0ZTptb2RpZnkAMjAyMy0wNC0wM1QxMDoxNzoxMiswMDowMGFx\u002FmYAAAAgdEVYdHNvZnR3YXJlAGh0dHBzOi8vaW1hZ2VtYWdpY2sub3JnvM8dnQAAABh0RVh0VGh1bWI6OkRvY3VtZW50OjpQYWdlcwAxp\u002F+7LwAAABh0RVh0VGh1bWI6OkltYWdlOjpIZWlnaHQAMTkyQF1xVQAAABd0RVh0VGh1bWI6OkltYWdlOjpXaWR0aAAxOTLTrCEIAAAAGXRFWHRUaHVtYjo6TWltZXR5cGUAaW1hZ2UvcG5nP7JWTgAAABd0RVh0VGh1bWI6Ok1UaW1lADE2ODA1MTcwMzLks9aDAAAAD3RFWHRUaHVtYjo6U2l6ZQAwQkKUoj7sAAAAVnRFWHRUaHVtYjo6VVJJAGZpbGU6Ly8vbW50bG9nL2Zhdmljb25zLzIwMjMtMDQtMDMvMWVjNTYyMTlhZWY0YzQ4MDI1N2Y2YWFjYzUxM2M0Y2MuaWNvLnBuZ98kODgAAAAASUVORK5CYII=&link=https:\u002F\u002Fdoyensec.com\u002Fresearch.html&message=Research%20Island&&label=Doyensec&color=purple)](https:\u002F\u002Fdoyensec.com\u002Fresearch.html)\n![GitHub](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Flicense\u002Fdoyensec\u002Finql?logo=github&color=darkgreen)\n![GitHub release (latest by date)](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fv\u002Frelease\u002Fdoyensec\u002Finql?label=latest%20release&logo=github)\n![GitHub Release Date](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Frelease-date\u002Fdoyensec\u002Finql?display_date=published_at&logo=github)\n[![dev branch ahead by](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcommits-difference\u002Fdoyensec\u002Finql?base=master&head=dev&label=dev+branch+ahead+by&color=bright&logo=github)](https:\u002F\u002Fgithub.com\u002Fdoyensec\u002Finql\u002Ftree\u002Fdev)\n[![GitHub contributors](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fcontributors\u002Fdoyensec\u002Finql?logo=github&color=black)](AUTHORS)\n[![GitHub issues by-label](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fdoyensec\u002Finql\u002FHelp%20Wanted?color=red&logo=github)](https:\u002F\u002Fgithub.com\u002Fdoyensec\u002Finql\u002Fissues?q=is%3Aissue+is%3Aopen+label%3A%22Help+Wanted%22)\n[![GitHub issues by-label](https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fissues\u002Fdoyensec\u002Finql\u002FGood%20First%20Issue?color=f0a&logo=github)](https:\u002F\u002Fgithub.com\u002Fdoyensec\u002Finql\u002Fissues?q=is%3Aissue+is%3Aopen+label%3A%22Good+First+Issue%22)\n\n\u003Cimg align=\"right\" width=\"200\" src=\"docs\u002Finql.png\">\n\n## :rocket: Introduction\n\nWelcome to InQL, an open-source GraphQL testing tool. This tool provides features designed to enhance your GraphQL testing experience, making it more efficient and effective. \n\nWe appreciate your trust in InQL. Happy testing!\n\n## :star2: Key Features\n\nThe InQL user interface is equipped with three primary components: the *Scanner*, the *Batch Queries*, and the *Engine Fingerprinting* tab\n\n### :mag_right: Scanner\n\n![Scanner](assets\u002Fscanner.png)\n\nThe *Scanner* is the core of InQL, where you can analyze a GraphQL endpoint or a local introspection schema file. It auto-generates all possible queries, mutations, and subscriptions, organizing them into a structured view for your analysis.\n\n**:white_check_mark: Customizable Scans**\n\nInQL offers the flexibility to customize your scans. Adjust the depth of generated queries or the number of spaces used for indentation. You can also perform 'Points of Interest' scans to detect potential vulnerabilities in the GraphQL schema.\n\n**:white_check_mark: Points of Interest Analysis**\n\nAfter running a Points of Interest scan, you are presented with a rich data set covering a variety of potential vulnerabilities. You can enable or disable these categories according to your needs.\n\n**:white_check_mark: Circular References Detection**\n\nInQL implements circular reference detection. After analyzing the schema, it displays potentially vulnerable queries in the scanner results view.\n\n**:white_check_mark: Enhanced Interactions with Burp**\n\nInQL seamlessly integrates with Burp, enabling you to generate queries directly from any GraphQL request in Burp. You can also send auto-generated queries to other Burp tools for further analysis.\n\n**:white_check_mark: Custom Headers**\n\nYou have the ability to set custom headers per domain, with the domain list auto-populated from observed traffic.\n\n### :crossed_swords: Batch Queries\n\nThe *Batch Queries* tab lets you run batch GraphQL attacks, which can be useful for circumventing poorly implemented rate limits.\n\n### :memo: Burp's Native Message Editors\n\nBurp's native message editors now come with an additional 'GraphQL (InQL)' tab, providing an efficient way to view and modify GraphQL requests. It also supports schema highlighting for better readability. \n\n### :crossed_swords: GraphiQL and GraphQL Voyager\n\nInQL now implements GraphiQL and GraphQL Voyager servers. You can send the analysed schame into them to enhance the analysis even further!\n\n### :point_up: Engine Fingerprinting\nThis tab allows you to scan a GraphQL URL to retrieve information about the backend server technology.\n\n### :construction: Schema Bruteforcer\nThis scanner is designed to recreate the schema when introspection is disabled. It is based on [Clairvoyance CLI tool](https:\u002F\u002Fgithub.com\u002Fnikitastupin\u002Fclairvoyance), using regex pattern matching to discover schema details.\n\n# :arrow_down: Installation\n\nTo successfully install InQL, ensure you meet the following requirements:\n\nBurp:\n\n- Support is only provided for the most recent version of Burp.\n- Compatible with both \"Professional\" and \"Community\" editions.\n\nJava:\n\n- The Montoya API needs Java 17 or later.\n\n## :computer: Building the InQL extension from git\n\n1. Install Java 17+, for example in Debian-based distros:\n\n```bash\n$ sudo apt install -y openjdk-17-jdk\n$ java --version\nopenjdk 17.0.6 2023-01-17\n```\n\n2. Install our build tool - [Taskfile](https:\u002F\u002Ftaskfile.dev):\n\n```bash\n$ # Mac OS & Homebrew:\n$ brew install go-task\n$ # Debian\n$ sudo apt install -y task\n```\n\n2. Clone the repo and pull submodules:\n\n```bash\n$ git clone https:\u002F\u002Fgithub.com\u002Fdoyensec\u002Finql\n$ cd inql\n$ # Optionally, checkout dev branch (might be broken \u002F unstable!)\n$ git checkout dev\n```\n\n3. Build the InQL extension:\n\n```bash\n$ task all\n```\n\nThis should produce a file named `InQL.jar` or similar in the root of the repo. Load it into Burp\nas a Java extension.\n\n**Development environment**\n\nIf you want to contribute to the project, no special environment is needed. You can simply re-build the project every time you implement a change.\n\nTo speed up the work on the code, you might want to auto-rebuild the extension whenever you make a change. Just run\n`kotlin` task with the `--watch` \u002F `-w` flag and you're good to go:\n\n```bash\n$ task kotlin -w\n```\n\n# :handshake: Contributing\n\nInQL thrives on community contributions. Whether you're a developer, researcher, designer, or bug hunter, your expertise is invaluable to us. We welcome bug reports, feedback, and pull requests. Your participation helps us continue to improve InQL, making it a stronger tool for the community.\n\nInteractions are best carried out through the Github issue tracker, but you can also reach us on social media ([@Doyensec](https:\u002F\u002Ftwitter.com\u002FDoyensec)). We look forward to hearing from you!\n\n# :busts_in_silhouette: Contributors\n\nA special thanks to our contributors. Your dedication and commitment have been instrumental in making InQL what it is today.\n\nCurrent:\n- **Maintainer:** Bartłomiej Górkiewicz [@bartek-doyensec (Github)](https:\u002F\u002Fgithub.com\u002Fbartek-doyensec)\n- **Contributor:** Savio Sisco [@lokiuox (Github)](https:\u002F\u002Fgithub.com\u002Flokiuox)\n\nHistorical:\n- **Author:** Andrea Brancaleoni [@nJoyneer (Twitter)](https:\u002F\u002Ftwitter.com\u002FnJoyneer) \u002F [thypon (Github)](https:\u002F\u002Fgithub.com\u002Fthypon)\n- **Maintainer:** Andrew Konstantinov [@execveat (Twitter)](https:\u002F\u002Ftwitter.com\u002Fexecveat) \u002F [@execveat (Mastodon)](https:\u002F\u002Finfosec.exchange\u002F@execveat)\n- **Contributor:** Matteo Oldani [@matteoldani (Github)](https:\u002F\u002Fgithub.com\u002Fmatteoldani)\n- List of other contributors: [AUTHORS](AUTHORS)\n\nThis project was made with support of [Doyensec](https:\u002F\u002Fdoyensec.com\u002Fresearch.html).\n\n![Doyensec Research](docs\u002Fdoyensec_logo.svg)\n","InQL 是一个强大的开源 Burp Suite 扩展，专为高级 GraphQL 测试设计。它提供直观的漏洞检测、可自定义的扫描以及与 Burp 的无缝集成。该项目采用 Kotlin 语言编写，具备高度可配置性，支持用户根据需求调整扫描策略。适用于需要对 GraphQL API 进行安全性评估和渗透测试的场景，帮助开发者和安全专家发现潜在的安全问题。",2,"2026-06-11 03:13:17","top_language"]