Ghauri – Advanced Tool to Automatically Detect and Exploit SQL Injection

An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.


Requirements

  • Python 3
  • Python pip3


Features

  • Supports the following types of injection payloads:
    • Boolean based
    • Error based
    • Time based
    • Stacked queries
  • Supports SQL injection for the following DBMS:
    • MySQL
    • Microsoft SQL Server
    • Postgres
    • Oracle
    • Microsoft Access (for now, only fingerprinting is supported, in the case of boolean-based blind)
  • Supports the following injection types:
    • GET/POST based injections
    • Header based injections
    • Cookie based injections
    • Multipart form data injections
    • JSON based injections
  • Supports a proxy option: --proxy
  • Supports parsing a request from a txt file: -r file.txt
  • Supports limiting data extraction for dbs/tables/columns/dump: --start 1 --stop 2
  • Supports resuming all phases.
  • Supports skipping URL encoding: --skip-urlencode
  • Supports verifying extracted characters in the case of boolean/time based injections.
  • Supports handling redirects on user demand.


Installation

  • cd to the ghauri directory.
  • Install the requirements: python3 -m pip install --upgrade -r requirements.txt
  • Run: python3 setup.py install or python3 -m pip install -e .
  • You will then be able to run ghauri with a simple ghauri --help command.

