mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
c21af3347e
- Add scripts/agent.py and references/api-reference.md to all remaining skills - Update all 648 LICENSE files: copyright now reads 'Mahipal' - Add implementing-security-monitoring-with-datadog (new skill with full anatomy) - All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
1.6 KiB
API Reference — Performing GraphQL Depth Limit Attack
Libraries Used
- requests: Send GraphQL queries with depth/width/batch payloads
- time: Measure response latency for resource exhaustion detection
CLI Interface
python agent.py depth --url <endpoint> [--max-depth 20] [--auth-header "Bearer token"]
python agent.py circular --url <endpoint> --type-a User --field-a posts --type-b Post --field-b author [--depth 10]
python agent.py batch --url <endpoint> [--count 50]
python agent.py width --url <endpoint> [--width 50] [--depth 5]
Core Functions
build_nested_query(field_name, depth, leaf) — Construct nested query payload
Generates progressively deeper GraphQL queries for depth limit probing.
test_depth_limit(url, max_depth, headers) — Probe depth enforcement
Sends queries at increasing depth (1 to max_depth). Classifies severity: HIGH (>=15 allowed), MEDIUM (>=8), LOW (<8).
test_circular_query(url, type_a, field_a, type_b, field_b, depth) — Test circular references
Builds alternating A.field_a -> B.field_b chains to test circular query handling.
test_batch_query(url, count, headers) — Test batch query bypass
Sends array of N queries to check if batching bypasses per-query depth limits.
test_resource_exhaustion(url, width, depth, headers) — Test wide+deep queries
Combines field width (aliased fields) with nesting depth. Flags SLOW_RESPONSE when a response takes longer than 5 seconds.
Severity Classification
- HIGH: No depth limit or limit >= 15 levels
- MEDIUM: Depth limit 8-14 or batch queries accepted
- LOW: Depth limit < 8 with proper enforcement
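Every probe above only succeeds when the server lacks the matching guard. As an added example (not part of this skill's own code), the Python below is a minimal server-side validator that rejects a request whose query nesting exceeds a limit or whose batch exceeds a cap; MAX_DEPTH, MAX_BATCH and the brace-scanning approach are assumptions, and a production deployment should apply the same limits as validation rules on the GraphQL library's parsed AST rather than on raw text.

```python
"""Server-side guard against deep, circular and batched GraphQL queries (added example)."""
import json

MAX_DEPTH = 7   # assumed policy: keeps the endpoint in the LOW band (< 8 levels)
MAX_BATCH = 10  # assumed cap on operations per HTTP request (batch bypass guard)


def query_depth(query: str) -> int:
    """Maximum nesting of selection sets, counting the operation's own set.
    '{ user { name } }' has depth 2. Strings and '#' comments are skipped so a
    brace inside them is not counted. Simplistic scanner, not a full parser."""
    depth = max_depth = 0
    i, n = 0, len(query)
    while i < n:
        ch = query[i]
        if ch == '"':                       # skip string literal, honouring \" escapes
            i += 1
            while i < n and query[i] != '"':
                i += 2 if query[i] == "\\" else 1
        elif ch == "#":                     # skip line comment
            while i < n and query[i] != "\n":
                i += 1
        elif ch == "{":
            depth += 1
            max_depth = max(max_depth, depth)
        elif ch == "}":
            depth -= 1
        i += 1
    return max_depth


def check_request(body: str) -> dict:
    """Validate a raw JSON request body: a single operation or a batch (list).
    Returns {'ok': bool, 'reason': str, 'depths': [depth per operation]}.
    Circular A->B->A chains are caught by depth alone, since each hop nests."""
    payload = json.loads(body)
    ops = payload if isinstance(payload, list) else [payload]
    if len(ops) > MAX_BATCH:
        return {"ok": False, "reason": f"batch of {len(ops)} exceeds {MAX_BATCH}", "depths": []}
    depths = []
    for op in ops:
        query = op.get("query", "") if isinstance(op, dict) else ""
        d = query_depth(query)
        depths.append(d)
        if d > MAX_DEPTH:
            return {"ok": False, "reason": f"depth {d} exceeds {MAX_DEPTH}", "depths": depths}
    return {"ok": True, "reason": "", "depths": depths}


if __name__ == "__main__":
    # constructed sample: a 10-level User.posts -> Post.author chain, as the circular probe sends
    deep = "{ user " + "{ posts { author " * 4 + "{ id }" + " }" * 9
    print(check_request(json.dumps({"query": deep})))
```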
Dependencies
pip install requests