Ghauri
v1.3.8
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws.

Requirements:
Python 3 with pip3

Installation:
python3 -m pip install --upgrade -r requirements.txt
python3 setup.py install
or python3 -m pip install -e .
After that you can access and run ghauri with the ghauri --help command. Alternatively, you can download the latest version of Ghauri by cloning the GitHub repository:
git clone https://github.com/r0oth3x49/ghauri.git

Features (each switch is described in full in the help output below):
--proxy: use a proxy to connect to the target URL
-r file.txt: load the HTTP request to test from a file
--start 1 --stop 2: limit data extraction for dbs/tables/columns/dump to an offset range
--skip-urlencode: skip URL encoding of payload data
--sql-shell: interactive SQL shell (experimental)
--fresh-queries: ignore query results stored in the session file
--hostname: retrieve the DBMS server hostname
--update: update ghauri; the ghauri --update command fetches the latest version
--ignore-code: ignore (problematic) HTTP error code(s)
--count: retrieve the number of entries for table(s)
-m: scan multiple targets given in a text file (experimental)
Author: Nasir khan (r0ot h3x49)
usage: ghauri -u URL [OPTIONS]
A cross-platform python based advanced sql injections detection & exploitation tool.
General:
-h, --help Shows the help.
--version Shows the version.
--update update ghauri
-v VERBOSE Verbosity level: 1-5 (default 1).
--batch Never ask for user input, use the default behavior
--flush-session Flush session files for current target
--fresh-queries Ignore query results stored in session file
--test-filter Select test payloads by titles (experimental)
Target:
At least one of these options has to be provided to define the
target(s)
-u URL, --url URL Target URL (e.g. 'http://www.site.com/vuln.php?id=1).
-m BULKFILE Scan multiple targets given in a textual file
-r REQUESTFILE Load HTTP request from a file
Request:
These options can be used to specify how to connect to the target URL
-A , --user-agent HTTP User-Agent header value
-H , --header Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
--host HTTP Host header value
--data Data string to be sent through POST (e.g. "id=1")
--cookie HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
--referer HTTP Referer header value
--headers Extra headers (e.g. "Accept-Language: fr\nETag: 123")
--proxy Use a proxy to connect to the target URL
--delay Delay in seconds between each HTTP request
--timeout Seconds to wait before timeout connection (default 30)
--retries Retries when the connection related error occurs (default 3)
--confirm Confirm the injected payloads.
--ignore-code Ignore (problematic) HTTP error code(s) (e.g. 401)
--skip-urlencode Skip URL encoding of payload data
--force-ssl Force usage of SSL/HTTPS
Optimization:
These options can be used to optimize the performance of ghauri
--threads THREADS Max number of concurrent HTTP(s) requests (default 1)
Injection:
These options can be used to specify which parameters to test for,
provide custom injection payloads and optional tampering scripts
-p TESTPARAMETER Testable parameter(s)
--dbms DBMS Force back-end DBMS to provided value
--prefix Injection payload prefix string
--suffix Injection payload suffix string
--safe-chars Skip URL encoding of specific character(s): (e.g:- --safe-chars="[]")
--fetch-using Fetch data using different operator(s): (e.g: --fetch-using=between/in)
Detection:
These options can be used to customize the detection phase
--level LEVEL Level of tests to perform (1-3, default 1)
--code CODE HTTP code to match when query is evaluated to True
--string String to match when query is evaluated to True
--not-string String to match when query is evaluated to False
--text-only Compare pages based only on the textual content
Techniques:
These options can be used to tweak testing of specific SQL injection
techniques
--technique TECH SQL injection techniques to use (default "BEST")
--time-sec TIMESEC Seconds to delay the DBMS response (default 5)
Enumeration:
These options can be used to enumerate the back-end database
management system information, structure and data contained in the
tables.
-b, --banner Retrieve DBMS banner
--current-user Retrieve DBMS current user
--current-db Retrieve DBMS current database
--hostname Retrieve DBMS server hostname
--dbs Enumerate DBMS databases
--tables Enumerate DBMS database tables
--columns Enumerate DBMS database table columns
--count Retrieve number of entries for table(s)
--dump Dump DBMS database table entries
-D DB DBMS database to enumerate
-T TBL DBMS database tables(s) to enumerate
-C COLS DBMS database table column(s) to enumerate
--start Retrieve entries from offset for dbs/tables/columns/dump
--stop Retrieve entries till offset for dbs/tables/columns/dump
--sql-shell Prompt for an interactive SQL shell (experimental)
Example:
ghauri -u http://www.site.com/vuln.php?id=1 --dbs
Usage of Ghauri for attacking targets without prior mutual consent is illegal.
It is the end user's responsibility to obey all applicable local,state and federal laws.
Developer assume no liability and is not responsible for any misuse or damage caused by this program.
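As an added example written for this page (not Ghauri's own code), here is what loading a saved request with the -r REQUESTFILE option above involves: splitting a raw HTTP request into the method, URL, parameters, headers, cookies and body a scanner works with, and honouring --force-ssl for the scheme. The sample request and the host shop.example.test are constructed for the example.

```python
from urllib.parse import parse_qsl, urlsplit
# Constructed sample request (not captured from any real host), in the raw form
# a proxy's "save request" feature writes out: request line, headers, blank line, body.
SAMPLE_REQUEST = (
    "POST /account/orders.php?page=2 HTTP/1.1\r\n"
    "Host: shop.example.test\r\n"
    "Cookie: PHPSESSID=a8d127e; lang=en\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 14\r\n"
    "\r\n"
    "id=1042&sort=1\r\n"
)

def parse_request(raw: str, force_ssl: bool = False) -> dict:
    """Split a saved raw HTTP request into method, URL, parameters, headers, cookies and body.

    Illustrates what a -r style loader has to do; it is not Ghauri's own parser.
    """
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    parts = request_line.split()
    if len(parts) < 2:
        raise ValueError(f"malformed request line: {request_line!r}")
    method, target = parts[0].upper(), parts[1]
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().title()] = value.strip()  # title-case so lookups are case-insensitive
    host = headers.pop("Host", None)
    if target.startswith(("http://", "https://")):
        url = target  # absolute-form request line, as some proxies record it
    elif host:
        scheme = "https" if force_ssl or host.endswith(":443") else "http"
        url = f"{scheme}://{host}{target}"
    else:
        raise ValueError("no Host header and no absolute URL in request line")
    headers.pop("Content-Length", None)  # a client recomputes it once the body changes
    cookie_header = headers.pop("Cookie", "")
    cookies = dict(c.strip().split("=", 1) for c in cookie_header.split(";") if "=" in c)
    return {
        "method": method,
        "url": url,
        "params": dict(parse_qsl(urlsplit(url).query)),
        "headers": headers,
        "cookies": cookies,
        "data": body.strip("\n") or None,
    }
```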
There are numerous articles and posts highlighting the success users have had with Ghauri compared to SQLMap. While I have not directly compared Ghauri with SQLMap, many users have. I started this project because, in my daily work, I often ran into significant challenges configuring and using SQLMap effectively, even for seemingly simple SQL injections. Although these injections looked straightforward, SQLMap frequently failed to detect them. Encouraged by friends, I decided to create my own tool. I had developed many scripts for exploitation, each tailored to a specific situation, and I realized the potential benefit of integrating these techniques into a single module. This led to the birth of Ghauri, which has been well received by the community, earning positive feedback and stars for its effectiveness.
Even stamparm acknowledged Ghauri, describing it in a tweet as a "rewrite of the internals", which underlines the importance of its internal mechanisms.
For example, you can save a vulnerable HTTP request to a file (post-authentication SQLi) and feed it to both Ghauri and SQLMap with the -r switch. The results speak for themselves, with no custom configuration needed.
Ghauri operates both in a browser-like manner and with its own unique approach, automatically switching between different injection techniques and bypasses. Again, this is not a direct comparison, since Ghauri still has many features to implement while SQLMap is already feature-rich. Nevertheless, Ghauri consistently performs the required tasks.
Since developing this tool I have rarely used SQLMap, except in the few cases where Ghauri is still being improved.
I encourage you to try it yourself. Thank you.