GraphiQL
GraphiQL GraphiQL is the interactive in-browser IDE for GraphQL exploration, with schema introspection and query autocompletion to map fields and mutations during API discovery. Embed its React component in apps or run standalone for testing resolvers with variables and fragments. Open-source from GraphQL Foundation, it's the query questor for devs delving into GraphQL depths with visual guidance.
Explore →GraphQLmap
GraphQLmap GraphQLmap is the SQLMap-inspired tool for GraphQL exploitation, automating injections and DoS tests even without introspection via brute-force schema dumping. Run its Python script on endpoints with --query for targeted payloads, escalating to data exfil or RCE. Open-source from doyensec, it's the GraphQL grappler for pentesters templating query-based attacks.
Explore →Clairvoyance
Clairvoyance Clairvoyance brute-forces GraphQL introspection when disabled, timing or error-based queries to reconstruct schemas for hidden field discovery in black-box APIs. Script its Python lib with custom wordlists for type enum, outputting SDL for further fuzzing. Open-source from PortSwigger, it's the schema seer for reverse engineers unveiling GraphQL secrets.
Explore →Altair GraphQL Client
Altair GraphQL Client Altair is the feature-packed GraphQL IDE with subscriptions, schema viz, and env support for exploring mutations and queries in collaborative sessions. Clone its Angular repo for local extensions, scripting tests via API for automated discovery. Open-source from imolorhe, it's the query quester for API artisans templating exploratory sessions.
Explore →Insomnia
Insomnia Insomnia's core is the REST/GraphQL client with schema introspection and env vars, enabling discovery of fields and resolvers through interactive queries. Build from Electron source for custom plugins, exporting collections for team shares. Open-source from Kong, it's the request ranger for devs exploring APIs with visual flair.
Explore →GraphQL Voyager
GraphQL Voyager GraphQL Voyager generates interactive schema diagrams from introspection, visualizing types and relations for API structure discovery in design reviews. Run its JS app on endpoints for embeddable maps, exporting SVG for docs. Open-source from APIs-guru, it's the schema sketcher for architects templating GraphQL overviews.
Explore →graphql-cop
GraphQL Cop graphql-cop is the linter for GraphQL schemas and queries, flagging N+1 issues or over-fetching in discovery phases for optimized API testing. Install via npm, validate SDL files for compliance reports. Open-source from community, it's the query quartermaster for devs enforcing GraphQL best practices.
Explore →Hoppscotch
Hoppscotch Hoppscotch is the open-source API playground for REST/GraphQL, with collections and env vars for testing endpoints and mutations in collaborative sessions. Clone its Vue repo for local runs, scripting requests via CLI for automated discovery. Open-source from Hoppscotch, it's the request ranger for devs exploring APIs with visual flair.
Explore →GraphQL Inspector
GraphQL Inspector GraphQL Inspector diffs schemas and queries across versions, validating breaking changes or deprecated fields for API evolution tracking in discovery phases. Run its CLI on endpoints or SDL files for reports, integrating with CI for schema audits. Open-source from kamilkisiela, it's the schema sentinel for GraphQL guardians templating consistent evolutions.
Explore →graphql-fuzz