The BatchQL tool is a GraphQL security auditing script with a focus on performing batch GraphQL queries and mutations.

This script is not complex, and we welcome improvements. When exploring the problem space of GraphQL batching attacks, we found a few blog posts on the internet but no tool to perform GraphQL batching attacks. With this tool, you could attempt all 10k PIN attempts in a single GraphQL query. This may bypass any rate limiting or account lockouts, depending on the implementation details of the password reset flow.
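On the server side, the usual reason batching slips past a limiter is that attempts are counted per HTTP request rather than per operation. The following is an added example, not part of BatchQL: a stdlib-only cost counter that charges a client's budget for every array entry and every root field in a request. The `verifyPin` mutation, the sample bodies and the limit of 5 are assumptions made for illustration, and the field counter is a conservative approximation of what the server's own GraphQL parser would report.

```python
import json
import re

# Strings and comments match first, so braces or colons inside them are ignored.
TOKEN = re.compile(
    r'"""(?:\\"""|.)*?"""|"(?:\\.|[^"\\\n])*"|#[^\n]*|\.\.\.|[A-Za-z_]\w*|[{}():@]',
    re.S,
)

def count_top_level_fields(query: str) -> int:
    """Count root selections; an aliased repeat of one field counts every time."""
    depth = parens = fields = 0
    prev = ""
    for tok in (m.group() for m in TOKEN.finditer(query)):
        if tok[0] in '"#':
            continue
        if tok in "{}":
            depth += 1 if tok == "{" else -1
        elif tok in "()":
            parens += 1 if tok == "(" else -1
        elif depth == 1 and parens == 0:
            if tok == ":":
                fields -= 1  # "alias: field" is one selection, not two
            elif (tok[0].isalpha() or tok[0] == "_") and prev not in ("@", "..."):
                fields += 1
        prev = tok
    return fields

def request_cost(body: bytes) -> int:
    """Operations carried by one HTTP request: array entries times root fields."""
    payload = json.loads(body)
    ops = payload if isinstance(payload, list) else [payload]
    queries = [str(op.get("query", "")) if isinstance(op, dict) else "" for op in ops]
    return sum(max(1, count_top_level_fields(q)) for q in queries)

def admit(used: dict, client: str, body: bytes, limit: int = 5) -> bool:
    """Charge the client's attempt budget per operation, not per HTTP request."""
    cost = request_cost(body)
    if used.get(client, 0) + cost > limit:
        return False
    used[client] = used.get(client, 0) + cost
    return True

# Constructed sample bodies; verifyPin is a hypothetical mutation name.
ONE_OP = 'mutation { verifyPin(pin: "0000") { ok } }'
SINGLE = json.dumps({"query": ONE_OP}).encode()
ARRAY = json.dumps([{"query": ONE_OP}] * 3).encode()
ALIASED = json.dumps({"query": 'mutation { a: verifyPin(pin: "0000") { ok } '
                      'b: verifyPin(pin: "0001") { ok } c: verifyPin(pin: "0002") { ok } }'}).encode()
```

Applied to a PIN or password reset flow, `admit` makes a request carrying three attempts consume three units of the lockout budget, whichever batching style was used.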
