GraphQLer is a cutting-edge tool designed to dynamically test GraphQL APIs. It automatically reads a schema, resolves dependencies between objects, queries, and mutations, then executes security-focused fuzzing chains against the API.
Key features
- Dependency awareness — runs queries and mutations in the correct dependency order
- IDOR detection — dual-profile chain replay to catch insecure direct object references
- LLM integration — optional AI-powered dependency inference and vulnerability reporting
- Interactive TUI — full terminal UI for every workflow
- MCP server — exposes compile/fuzz/run as Model Context Protocol tools for AI assistants
Published on arXiv (cs.CR 2504.13358).