0x01 Tool Introduction

An advanced cross-platform tool that automatically detects and exploits SQL injection vulnerabilities. It supports boolean-based, time-based, error-based and stacked-query injection; the supported database back-ends are MySQL, Microsoft SQL Server, PostgreSQL and Oracle; the supported injection points include GET, POST and Cookie parameters.

0x02 Installation and Usage

1. Installation

git clone https://github.com/r0oth3x49/ghauri.git
cd ghauri
pip install --upgrade -r requirements.txt
python setup.py install
(or, for an editable install: python -m pip install -e .)

2. Usage

ghauri -u http://www.site.com/vuln.php?id=1 --dbs

3. Other parameters (output of ghauri --help)

usage: ghauri -u URL [OPTIONS]
A cross-platform python based advanced sql injections detection & exploitation tool.
General:
  -h, --help          Shows the help.
  --version           Shows the version.
  -v VERBOSE          Verbosity level: 1-5 (default 1).
  --batch             Never ask for user input, use the default behavior
  --flush-session     Flush session files for current target
Target:
  At least one of these options has to be provided to define the
  target(s)
  -u URL, --url URL   Target URL (e.g. 'http://www.site.com/vuln.php?id=1).
  -r REQUESTFILE      Load HTTP request from a file
Request:
  These options can be used to specify how to connect to the target URL
  -A , --user-agent   HTTP User-Agent header value
  -H , --header       Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
  --host              HTTP Host header value
  --data              Data string to be sent through POST (e.g. "id=1")
  --cookie            HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --referer           HTTP Referer header value
  --headers           Extra headers (e.g. "Accept-Language: fr\nETag: 123")
  --proxy             Use a proxy to connect to the target URL
  --delay             Delay in seconds between each HTTP request
  --timeout           Seconds to wait before timeout connection (default 30)
  --retries           Retries when the connection related error occurs (default 3)
  --force-ssl         Force usage of SSL/HTTPS
Injection:
  These options can be used to specify which parameters to test for,
  provide custom injection payloads and optional tampering scripts
  -p TESTPARAMETER    Testable parameter(s)
  --dbms DBMS         Force back-end DBMS to provided value
  --prefix            Injection payload prefix string
  --suffix            Injection payload suffix string
Detection:
  These options can be used to customize the detection phase
  --level LEVEL       Level of tests to perform (1-3, default 1)
  --code CODE         HTTP code to match when query is evaluated to True
  --string            String to match when query is evaluated to True
  --not-string        String to match when query is evaluated to False
  --text-only         Compare pages based only on the textual content
Techniques:
  These options can be used to tweak testing of specific SQL injection
  techniques
  --technique TECH    SQL injection techniques to use (default "BEST")
  --time-sec TIMESEC  Seconds to delay the DBMS response (default 5)
Enumeration:
  These options can be used to enumerate the back-end database
  managment system information, structure and data contained in the
  tables.
  -b, --banner        Retrieve DBMS banner
  --current-user      Retrieve DBMS current user
  --current-db        Retrieve DBMS current database
  --hostname          Retrieve DBMS server hostname
  --dbs               Enumerate DBMS databases
  --tables            Enumerate DBMS database tables
  --columns           Enumerate DBMS database table columns
  --dump              Dump DBMS database table entries
  -D DB               DBMS database to enumerate
  -T TBL              DBMS database tables(s) to enumerate
  -C COLS             DBMS database table column(s) to enumerate
  --start             Retrive entries from offset for dbs/tables/columns/dump
  --stop              Retrive entries till offset for dbs/tables/columns/dump

0x03 Project Download Link

https://github.com/r0oth3x49/ghauri