Ghauri: Automated SQLi exploit tool

A cross-platform tool that automates the detection and exploitation of SQL injection vulnerabilities. It is open source, written in Python, and its purpose is to take the manual work out of SQLi exploitation.


Specifications

  • It supports the following types of payloads:
    • Boolean Based
    • Error Based
    • Time Based
    • Stacked Queries
  • SQL injection support for the following DBMS:
  • It supports the following injection types:
    • GET/POST Based injections
    • Based injections
    • Cookies Based injections
    • Multipart Form data injections
    • JSON based injections
  • Supports proxy selection: --proxy
  • Supports parsing request from txt file: -r file.txt
  • Supports restricting data dump for dbs/tables/columns/dump: --start 1 --stop 2

Requirements

  • Python 3
  • Python pip3

Installation

git clone https://github.com/r0oth3x49/ghauri

cd ghauri

python3 -m pip install --upgrade -r requirements.txt

python3 setup.py install or python3 -m pip install -e .

ghauri --help to see the available options

Use

Author: Nasir Khan (r0ot h3x49)

usage: ghauri -u URL [OPTIONS]

A cross-platform python based advanced sql injections detection & exploitation tool.

General:
  -h, --help          Shows the help.
  --version           Shows the version.
  -v VERBOSE          Verbosity level: 1-5 (default 1).
  --batch             Never ask for user input, use the default behavior
  --flush-session     Flush session files for current target

Target:
  At least one of these options has to be provided to define the target(s)

  -u URL, --url URL   Target URL (e.g. 'http://www.site.com/vuln.php?id=1).
  -r REQUESTFILE      Load HTTP request from a file

Request:
  These options can be used to specify how to connect to the target URL

  -A , --user-agent   HTTP User-Agent header value
  -H , --header       Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
  --host              HTTP Host header value
  --data              Data string to be sent through POST (e.g. "id=1")
  --cookie            HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --referer           HTTP Referer header value
  --headers           Extra headers (e.g. "Accept-Language: fr\nETag: 123")
  --proxy             Use a proxy to connect to the target URL
  --delay             Delay in seconds between each HTTP request
  --timeout           Seconds to wait before timeout connection (default 30)
  --retries           Retries when the connection related error occurs (default 3)
  --force-ssl         Force usage of SSL/HTTPS

Injection:
  These options can be used to specify which parameters to test for,
  provide custom injection payloads and optional tampering scripts

  -p TESTPARAMETER    Testable parameter(s)
  --dbms DBMS         Force back-end DBMS to provided value
  --prefix            Injection payload prefix string
  --suffix            Injection payload suffix string

Detection:
  These options can be used to customize the detection phase

  --level LEVEL       Level of tests to perform (1-3, default 1)
  --code CODE         HTTP code to match when query is evaluated to True
  --string            String to match when query is evaluated to True
  --not-string        String to match when query is evaluated to False
  --text-only         Compare pages based only on the textual content

Techniques:
  These options can be used to tweak testing of specific SQL injection
  techniques

  --technique TECH    SQL injection techniques to use (default "BEST")
  --time-sec TIMESEC  Seconds to delay the DBMS response (default 5)

Enumeration:
  These options can be used to enumerate the back-end database
  management system information, structure and data contained in the
  tables.

You can download the program from here.


Written by Anastasis Vasileiadis
