
Ghauri
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.
Requirements
- Python 3
- Python
pip3
Features
- Supports following types of injection payloads:
- Boolean based.
- Error Based
- Time Based
- Stacked Queries
- Support SQL injection for following DBMS.
- MySQL
- Microsoft SQL Server
- Postgres
- Oracle
- Microsoft Access (only supports fingerprint for now in case of boolean based blind)
- Supports following injection types.
- GET/POST Based injections
- Headers Based injections
- Cookies Based injections
- Mulitipart Form data injections
- JSON based injections
- support proxy option
--proxy
. - supports parsing request from txt file: switch for that
-r file.txt
- supports limiting data extraction for dbs/tables/columns/dump: switch
--start 1 --stop 2
- added support for resuming of all phases.
- added support for skip urlencoding switch:
--skip-urlencode
- added support to verify extracted characters in case of boolean/time based injections.
- added support for handling redirects on user demand.
Installation
- cd to ghauri directory.
- install requirements:
python3 -m pip install --upgrade -r requirements.txt
- run:
python3 setup.py install
orpython3 -m pip install -e .
- you will be able to access and run the ghauri with simple
ghauri --help
command.