reducal
v1.0.0
Published
[![GitHub release](https://img.shields.io/badge/release-v1.3-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.3) [![GitHub stars](https://img.shields.io/github/stars/r0oth3x49/ghauri?style=flat-square)](https://github.com
Downloads
2
Readme
Ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.
Requirements
- Python 3
- Python
pip3
Installation
- cd to ghauri directory.
- install requirements:
python3 -m pip install --upgrade -r requirements.txt
- run:
python3 setup.py install
orpython3 -m pip install -e .
- you will be able to access and run the ghauri with simple
ghauri --help
command.
OR
- Follow this installation guideline if facing an installation issue.
Download Ghauri
You can download the latest version of Ghauri by cloning the GitHub repository.
git clone https://github.com/r0oth3x49/ghauri.git
Features
- Supports following types of injection payloads:
- Boolean based.
- Error Based
- Time Based
- Stacked Queries
- Support SQL injection for following DBMS.
- MySQL
- Microsoft SQL Server
- Postgres
- Oracle
- Microsoft Access (only supports fingerprint for now in case of boolean based blind)
- Supports following injection types.
- GET/POST Based injections
- Headers Based injections
- Cookies Based injections
- Mulitipart Form data injections
- JSON based injections
- SOAP/XML based injections
- support proxy option
--proxy
. - supports parsing request from txt file: switch for that
-r file.txt
- supports limiting data extraction for dbs/tables/columns/dump: switch
--start 1 --stop 2
- added support for resuming of all phases.
- added support for skip urlencoding switch:
--skip-urlencode
- added support to verify extracted characters in case of boolean/time based injections.
- added support for handling redirects on user demand.
- added support for sql-shell switch:
--sql-shell
(experimental) - added support for fresh queries switch:
--fresh-queries
- added switch for hostname extraction:
--hostname
- added switch to update ghauri from github:
--update
- Note: ghauri has to be cloned/installed from github for this switch to work for futures updates,
for older version users they have to run git pull (if installed using git) to get this update
and for futures updates the update will be possible with
ghauri --update
command to get the latest version of ghauri.
- Note: ghauri has to be cloned/installed from github for this switch to work for futures updates,
for older version users they have to run git pull (if installed using git) to get this update
and for futures updates the update will be possible with
Advanced Usage
Legal disclaimer
Usage of Ghauri for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local,state and federal laws.
Developer assume no liability and is not responsible for any misuse or damage caused by this program.
TODO
- Add support for inline queries.
- Add support for Union based queries
Like Ghauri, consider supporting