A Tool for Automatically Detecting and Exploiting SQL Injection


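0x01 Tool Introduction

Ghauri is an advanced cross-platform tool that automatically detects and exploits SQL injection vulnerabilities. It supports boolean-based, time-based, error-based and stacked-query injection. The supported databases are MySQL, Microsoft SQL Server, PostgreSQL and Oracle, and the supported injection points include GET, POST, cookies and others.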

0x02 Installation and Usage

1. Installation

git clone https://github.com/r0oth3x49/ghauri.git
cd ghauri
pip install --upgrade -r requirements.txt
python setup.py install   # or: python -m pip install -e .

2. Usage

ghauri -u 'http://www.site.com/vuln.php?id=1' --dbs

3. Other options

usage: ghauri -u URL [OPTIONS]

A cross-platform python based advanced sql injections detection & exploitation tool.

General:
  -h, --help          Shows the help.
  --version           Shows the version.
  -v VERBOSE          Verbosity level: 1-5 (default 1).
  --batch             Never ask for user input, use the default behavior
  --flush-session     Flush session files for current target

Target:
  At least one of these options has to be provided to define the target(s)

  -u URL, --url URL   Target URL (e.g. 'http://www.site.com/vuln.php?id=1).
  -r REQUESTFILE      Load HTTP request from a file

Request:
  These options can be used to specify how to connect to the target URL

  -A , --user-agent   HTTP User-Agent header value
  -H , --header       Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
  --host              HTTP Host header value
  --data              Data string to be sent through POST (e.g. "id=1")
  --cookie            HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --referer           HTTP Referer header value
  --headers           Extra headers (e.g. "Accept-Language: fr\nETag: 123")
  --proxy             Use a proxy to connect to the target URL
  --delay             Delay in seconds between each HTTP request
  --timeout           Seconds to wait before timeout connection (default 30)
  --retries           Retries when the connection related error occurs (default 3)
  --force-ssl         Force usage of SSL/HTTPS

Injection:
  These options can be used to specify which parameters to test for, provide custom injection payloads and optional tampering scripts

  -p TESTPARAMETER    Testable parameter(s)
  --dbms DBMS         Force back-end DBMS to provided value
  --prefix            Injection payload prefix string
  --suffix            Injection payload suffix string

Detection:
  These options can be used to customize the detection phase

  --level LEVEL       Level of tests to perform (1-3, default 1)
  --code CODE         HTTP code to match when query is evaluated to True
  --string            String to match when query is evaluated to True
  --not-string        String to match when query is evaluated to False
  --text-only         Compare pages based only on the textual content

Techniques:
  These options can be used to tweak testing of specific SQL injection techniques

  --technique TECH    SQL injection techniques to use (default "BEST")
  --time-sec TIMESEC  Seconds to delay the DBMS response (default 5)

Enumeration:
  These options can be used to enumerate the back-end database managment system information, structure and data contained in the tables.

  -b, --banner        Retrieve DBMS banner
  --current-user      Retrieve DBMS current user
  --current-db        Retrieve DBMS current database
  --hostname          Retrieve DBMS server hostname
  --dbs               Enumerate DBMS databases
  --tables            Enumerate DBMS database tables
  --columns           Enumerate DBMS database table columns
  --dump              Dump DBMS database table entries
  -D DB               DBMS database to enumerate
  -T TBL              DBMS database tables(s) to enumerate
  -C COLS             DBMS database table column(s) to enumerate
  --start             Retrive entries from offset for dbs/tables/columns/dump
  --stop              Retrive entries till offset for dbs/tables/columns/dump
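On the defensive side, the four techniques named in the introduction (boolean, time, error, stacked) and the three injection points (GET, POST, cookie) can be turned into a simple request-log triage check. The following is an added example, not code from the original article or from the Ghauri project; the signatures, function names and sample requests are assumptions constructed for illustration and are not Ghauri's actual payloads.

```python
import re
from urllib.parse import unquote_plus

# Illustrative signatures, one per technique the page lists. These are
# assumptions for this example, not Ghauri's actual payloads.
SIGNATURES = {
    "boolean-based": re.compile(
        r"\b(?:and|or)\b\s+['\"(]*\d+['\"]?\s*=\s*['\"]?\d+", re.I),
    "time-based": re.compile(
        r"\b(?:sleep|pg_sleep|benchmark)\s*\(|\bwaitfor\s+delay\b"
        r"|\bdbms_pipe\.receive_message\b", re.I),
    "error-based": re.compile(
        r"\b(?:extractvalue|updatexml)\s*\(|\bconvert\s*\(\s*int\b", re.I),
    "stacked": re.compile(
        r";\s*(?:select|insert|update|delete|drop|declare|exec|waitfor)\b", re.I),
}

def classify(value):
    """Return the sorted technique labels whose signature matches one value."""
    decoded = unquote_plus(unquote_plus(value))  # tolerate double URL-encoding
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))

def scan(request):
    """Check the three injection points the page names: GET, POST, Cookie."""
    findings = {}
    for location in ("query", "body", "cookie"):
        hits = classify(request.get(location, ""))
        if hits:
            findings[location] = hits
    return findings

# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = [
    {"query": "id=1", "body": "", "cookie": "PHPSESSID=abc123"},
    {"query": "id=1%20AND%204821%3D4821", "body": "", "cookie": ""},
    {"query": "", "body": "id=1%27%20AND%20SLEEP(5)--%20-", "cookie": ""},
    {"query": "id=1", "body": "", "cookie": "uid=7;WAITFOR DELAY '0:0:5'--"},
    {"query": "id=1 AND EXTRACTVALUE(1,CONCAT(0x7e,VERSION()))", "body": "",
     "cookie": ""},
]

if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        print(scan(req) or "clean")
```

Signature matching of this kind only helps triage logs; the fix for the underlying flaw is parameterized queries in the application.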

0x03 Project Link and Download

https://github.com/r0oth3x49/ghauri

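Article source: 系统安全运维

The techniques, ideas and tools covered in articles published or reposted by 黑白之道 are for security-oriented study and exchange only. No one may use them for illegal purposes or for profit; anyone who does bears the consequences themselves!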


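This article comes from 系统安全运维 and is published by 华盟君 with authorization. The views expressed do not represent the position of 华盟网. To repost, please contact the original author.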