Question 1

How do I scan multiple domains with goctopus using a file?

Accepted Answer

Use the -f flag to specify an input file with one address per line, like 'goctopus -f domains.txt', which processes batch inputs efficiently and outputs results to a JSON-lines file by default.

Question 2

Goctopus vs GraphQLmap: which is better for GraphQL security?

Accepted Answer

Goctopus excels at fast discovery and fingerprinting across subdomains, while GraphQLmap focuses more on exploitation and query injection. Use goctopus for reconnaissance and GraphQLmap for deeper attack simulations.

Question 3

How to use goctopus with Docker for scanning a list of URLs?

Accepted Answer

Mount a volume with your input file, e.g., 'docker run --rm -it -v $(pwd):/data escapetech/goctopus -f /data/input.txt', to load addresses from a file and save output to the container or host via volumes.

Question 4

What does the authenticated field mean in goctopus output?

Accepted Answer

It indicates if the GraphQL endpoint requires authentication; 'false' means it's open and accessible, while 'true' suggests it's protected, helping prioritize targets for further testing.

Question 5

Can goctopus detect GraphQL endpoints behind authentication?

Accepted Answer

Yes, it attempts to detect authentication requirements, but it may not bypass auth; it flags endpoints as authenticated based on response patterns, which is useful for initial assessment.

Question 6

How to improve field suggestion detection in goctopus?

Accepted Answer

Enable the -suggest flag along with -introspect, as noted in the README, which uses a better wordlist to detect suggestions when introspection is disabled, aiding schema reconstruction.

goctopus

What is goctopus?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions