Releases: r0oth3x49/ghauri
Ghauri v1.0.1#dev
- Fixed multiple issues with boolean-based blind SQL injection detection.
- Added support for prompting the user when WAF and/or HTTP connection errors are detected 3 consecutive times.
- When the user aborts during the data extraction phase, Ghauri now asks whether to continue or terminate; on termination it shows the fetched results, if any.
- Improved page-difference-based boolean types.
- A few code cleanups.
Ghauri stable release version 1.0
Description
Ghauri is a Python-based open source SQL injection tool that automates the process of detecting and exploiting SQL injection security flaws. It currently supports boolean-based, time-based, stacked-queries and error-based SQL injection for MySQL, PostgreSQL, MSSQL and Oracle.
Features
- Supports the following types of injection payloads:
  - Boolean based
  - Error based
  - Time based
  - Stacked queries
- Supports SQL injection for the following DBMS:
  - MySQL
  - Microsoft SQL Server
  - PostgreSQL
  - Oracle
- Supports the following injection types:
  - GET/POST based injections
  - Headers based injections
  - Cookies based injections
  - Multipart form data injections
  - JSON based injections
- Supports a proxy option: --proxy
- Supports parsing a request from a txt file; the switch for that is -r file.txt
- Supports limiting data extraction for dbs/tables/columns/dump; switch: --start 1 --stop 2
- Supports selecting techniques; switch: --technique=BTES
Advanced help
usage: ghauri -u URL [OPTIONS]
A cross-platform python based advanced sql injections detection & exploitation tool.
General:
-h, --help Shows the help.
--version Shows the version.
-v VERBOSE Verbosity level: 1-5 (default 1).
--batch Never ask for user input, use the default behavior
--flush-session Flush session files for current target
Target:
At least one of these options has to be provided to define the
target(s)
-u URL, --url URL Target URL (e.g. 'http://www.site.com/vuln.php?id=1).
-r REQUESTFILE Load HTTP request from a file
Request:
These options can be used to specify how to connect to the target URL
-A , --user-agent HTTP User-Agent header value
-H , --header Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--host HTTP Host header value
--data Data string to be sent through POST (e.g. "id=1")
--cookie HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--referer HTTP Referer header value
--headers Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--proxy Use a proxy to connect to the target URL
--delay Delay in seconds between each HTTP request
--timeout Seconds to wait before timeout connection (default 30)
--retries Retries when the connection related error occurs (default 3)
--force-ssl Force usage of SSL/HTTPS
Injection:
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts
-p TESTPARAMETER Testable parameter(s)
--dbms DBMS Force back-end DBMS to provided value
--prefix Injection payload prefix string
--suffix Injection payload suffix string
Detection:
These options can be used to customize the detection phase
--level LEVEL Level of tests to perform (1-3, default 1)
--code CODE HTTP code to match when query is evaluated to True
--string String to match when query is evaluated to True
--not-string String to match when query is evaluated to False
--text-only Compare pages based only on the textual content
Techniques:
These options can be used to tweak testing of specific SQL injection
techniques
--technique TECH SQL injection techniques to use (default "BEST")
--time-sec TIMESEC Seconds to delay the DBMS response (default 5)
Enumeration:
These options can be used to enumerate the back-end database
managment system information, structure and data contained in the
tables.
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--hostname Retrieve DBMS server hostname
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--dump Dump DBMS database table entries
-D DB DBMS database to enumerate
-T TBL DBMS database tables(s) to enumerate
-C COLS DBMS database table column(s) to enumerate
--start Retrive entries from offset for dbs/tables/columns/dump
--stop Retrive entries till offset for dbs/tables/columns/dump
Example:
ghauri http://www.site.com/vuln.php?id=1 --dbs