There are 2 repositories under graphql-injection topic.
GraphQLmap is a scripting engine to interact with a graphql endpoint for pentesting purposes. - Do not use for illegal testing ;)
Check your WAF before an attacker does