自动检测和利用SQL注入工具 -- ghauri
2022-10-8 08:4:17 Author: Web安全工具库(查看原文) 阅读量:29 收藏

===================================

免责声明
请勿利用文章内的相关技术从事非法测试,由于传播、利用此文所提供的信息而造成的任何直接或者间接的后果及损失,均由使用者本人负责,作者不为此承担任何责任。工具来自网络,安全性自测,如有侵权请联系删除。

0x01 工具介绍

一个先进的跨平台工具,可以自动检测和利用SQL注入漏洞,支持布尔注入、时间注入、报错注入、堆叠查询,支持的数据库有MySQL,Microsoft SQL Server,Postgre,Oracle,支持的注入类型有GET、POST、COOKies等。

0x02 安装与使用

1、安装过程

git clone https://github.com/r0oth3x49/ghauri.gipip install --upgrade -r requirements.txtpython setup.py install or python -m pip install -e

2、使用方法

 ghauri http://www.site.com/vuln.php?id=1 --dbs

3、其他参数

usage: ghauri -u URL [OPTIONS]
A cross-platform python based advanced sql injections detection & exploitation tool.
General: -h, --help Shows the help. --version Shows the version. -v VERBOSE Verbosity level: 1-5 (default 1). --batch Never ask for user input, use the default behavior --flush-session Flush session files for current target
Target: At least one of these options has to be provided to define the target(s)
-u URL, --url URL Target URL (e.g. 'http://www.site.com/vuln.php?id=1). -r REQUESTFILE Load HTTP request from a file
Request: These options can be used to specify how to connect to the target URL
-A , --user-agent HTTP User-Agent header value -H , --header Extra header (e.g. "X-Forwarded-For: 127.0.0.1") --host HTTP Host header value --data Data string to be sent through POST (e.g. "id=1") --cookie HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..") --referer HTTP Referer header value --headers Extra headers (e.g. "Accept-Language: fr\nETag: 123") --proxy Use a proxy to connect to the target URL --delay Delay in seconds between each HTTP request --timeout Seconds to wait before timeout connection (default 30) --retries Retries when the connection related error occurs (default 3) --force-ssl Force usage of SSL/HTTPS
Injection: These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts
-p TESTPARAMETER Testable parameter(s) --dbms DBMS Force back-end DBMS to provided value --prefix Injection payload prefix string --suffix Injection payload suffix string
Detection: These options can be used to customize the detection phase
--level LEVEL Level of tests to perform (1-3, default 1) --code CODE HTTP code to match when query is evaluated to True --string String to match when query is evaluated to True --not-string String to match when query is evaluated to False --text-only Compare pages based only on the textual content
Techniques: These options can be used to tweak testing of specific SQL injection techniques
--technique TECH SQL injection techniques to use (default "BEST") --time-sec TIMESEC Seconds to delay the DBMS response (default 5)
Enumeration: These options can be used to enumerate the back-end database managment system information, structure and data contained in the tables.
-b, --banner Retrieve DBMS banner --current-user Retrieve DBMS current user --current-db Retrieve DBMS current database --hostname Retrieve DBMS server hostname --dbs Enumerate DBMS databases --tables Enumerate DBMS database tables --columns Enumerate DBMS database table columns --dump Dump DBMS database table entries -D DB DBMS database to enumerate -T TBL DBMS database tables(s) to enumerate -C COLS DBMS database table column(s) to enumerate --start Retrive entries from offset for dbs/tables/columns/dump  --stop              Retrive entries till offset for dbs/tables/columns/dump

0x03 项目链接下载

1、通过阅读原文,到项目地址下载

2、关注公众号"web安全工具库",后台回复:20221008

· 推 荐 阅 读 ·

《GO语言编程从入门到实践》

本书结合作者近十年一线开发经验,力图使用通俗易懂、深入浅出的描述和丰富的动手练习示例,介绍Go语言的语法特性和编程实践。精选20个动手练习项目,轻松掌握Go语言编程


文章来源: http://mp.weixin.qq.com/s?__biz=MzI4MDQ5MjY1Mg==&mid=2247504956&idx=1&sn=26137b964fbd6d32f07b0e24365a5476&chksm=ebb53b3fdcc2b2297fcf03b6006164144d9c223492669c94589a78eac5908d8e36b166d9f4e4#rd
如有侵权请联系:admin#unsafe.sh