Ghauri: A Powerful Tool for Automated Detection and Exploitation of SQL Injection Vulnerabilities

admin, January 31, 2024, 12:34:14


Install the requirements:

    python3 -m pip install --upgrade -r requirements.txt

Then run one of the following commands:

    python3 setup.py install
    python3 -m pip install -e .

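Supports the following types of injection payloads:
  • Boolean-based
  • Error-based
  • Time-based
  • Stacked queries

Supports SQL injection for the following DBMSs:
  • MySQL
  • Microsoft SQL Server
  • Postgres
  • Oracle
  • Microsoft Access (currently fingerprinting only, via boolean-based blind)

Supports the following injection types:
  • GET/POST-based injection
  • Header-based injection
  • Cookie-based injection
  • Multipart form data injection
  • JSON-based injection
  • SOAP/XML-based injection

Other features:
  • Supports a proxy option: --proxy
  • Supports parsing a request from a txt file: switch -r file.txt
  • Supports limiting data extraction for dbs/tables/columns/dump: switches --start 1 --stop 2
  • Added support for resuming all phases.
  • Added support for skipping URL encoding: switch --skip-urlencode
  • Added support for verifying extracted characters in boolean-based/time-based injections.
  • Added support for handling redirects according to the user's choice.
  • Added support for a SQL shell: switch --sql-shell (experimental)
  • Added support for fresh queries: switch --fresh-queries
  • Added a switch for hostname extraction: --hostname
  • Added a switch to update ghauri from GitHub: --update

Usage:
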
General:
  -h, --help          Shows the help.
  --version           Shows the version.
  -v VERBOSE          Verbosity level: 1-5 (default 1).
  --update            update ghauri
  --batch             Never ask for user input, use the default behavior
  --flush-session     Flush session files for current target
  --fresh-queries     Ignore query results stored in session file
  --test-filter       Select test payloads by titles (experimental)

Target:
  At least one of these options has to be provided to define the
  target(s)

  -u URL, --url URL   Target URL (e.g. 'http://www.site.com/vuln.php?id=1).
  -r REQUESTFILE      Load HTTP request from a file

Request:
  These options can be used to specify how to connect to the target URL

  -A , --user-agent   HTTP User-Agent header value
  -H , --header       Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
  --host              HTTP Host header value
  --data              Data string to be sent through POST (e.g. "id=1")
  --cookie            HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --referer           HTTP Referer header value
  --headers           Extra headers (e.g. "Accept-Language: fr\nETag: 123")
  --proxy             Use a proxy to connect to the target URL
  --delay             Delay in seconds between each HTTP request
  --timeout           Seconds to wait before timeout connection (default 30)
  --retries           Retries when the connection related error occurs (default 3)
  --confirm           Confirm the injected payloads.
  --skip-urlencode    Skip URL encoding of payload data
  --force-ssl         Force usage of SSL/HTTPS

Optimization:
  These options can be used to optimize the performance of ghauri

  --threads THREADS   Max number of concurrent HTTP(s) requests (default 1)

Injection:
  These options can be used to specify which parameters to test for,
  provide custom injection payloads and optional tampering scripts

  -p TESTPARAMETER    Testable parameter(s)
  --dbms DBMS         Force back-end DBMS to provided value
  --prefix            Injection payload prefix string
  --suffix            Injection payload suffix string
  --safe-chars        Skip URL encoding of specific character(s): (e.g:- --safe-chars="[]")
  --fetch-using       Fetch data using different operator(s): (e.g: --fetch-using=between/in)

Detection:
  These options can be used to customize the detection phase

  --level LEVEL       Level of tests to perform (1-3, default 1)
  --code CODE         HTTP code to match when query is evaluated to True
  --string            String to match when query is evaluated to True
  --not-string        String to match when query is evaluated to False
  --text-only         Compare pages based only on the textual content

Techniques:
  These options can be used to tweak testing of specific SQL injection
  techniques

  --technique TECH    SQL injection techniques to use (default "BEST")
  --time-sec TIMESEC  Seconds to delay the DBMS response (default 5)

Enumeration:
  These options can be used to enumerate the back-end database
  management system information, structure and data contained in the
  tables.

  -b, --banner        Retrieve DBMS banner
  --current-user      Retrieve DBMS current user
  --current-db        Retrieve DBMS current database
  --hostname          Retrieve DBMS server hostname
  --dbs               Enumerate DBMS databases
  --tables            Enumerate DBMS database tables
  --columns           Enumerate DBMS database table columns
  --dump              Dump DBMS database table entries
  -D DB               DBMS database to enumerate
  -T TBL              DBMS database tables(s) to enumerate
  -C COLS             DBMS database table column(s) to enumerate
  --start             Retrieve entries from offset for dbs/tables/columns/dump
  --stop              Retrieve entries till offset for dbs/tables/columns/dump
  --sql-shell         Prompt for an interactive SQL shell (experimental)

Example:
  ghauri -u http://www.site.com/vuln.php?id=1 --dbs
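
A defender-side view of the technique classes listed above, as an added example that is not part of the original article or of the Ghauri project: a small access-log scanner that tags each client by the technique class (boolean-based, error-based, time-based, stacked queries) visible in the request URL, Referer and User-Agent fields. The regex signatures, the combined log format and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Illustrative signatures per technique class (assumptions, not Ghauri's payload set).
SIGNATURES = {
    "boolean-based": re.compile(r"\b(and|or)\b\s+\(?\s*'?\d+'?\s*(=|<|>|like)\s*'?\d+", re.I),
    "error-based": re.compile(r"\b(extractvalue|updatexml)\s*\(|\bconvert\s*\(\s*int\b", re.I),
    "time-based": re.compile(
        r"\b(sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b|dbms_pipe\.receive_message", re.I),
    "stacked-queries": re.compile(r";\s*(select|insert|update|delete|drop|exec|declare)\b", re.I),
}

# Combined log format: client, timestamp, request line, status, size, Referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')

def classify(line):
    """Return (client_ip, {technique: first_field_seen}) for one log line, or None if unparsable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    hits = {}
    for field in ("target", "referer", "agent"):   # URL parameters plus the logged headers
        text = unquote_plus(m.group(field))         # undo URL encoding before matching
        for technique, pattern in SIGNATURES.items():
            if pattern.search(text):
                hits.setdefault(technique, field)
    return m.group("ip"), hits

def scan(lines):
    """Aggregate the technique classes seen per client IP; clients with no hits are omitted."""
    seen = defaultdict(set)
    for line in lines:
        result = classify(line)
        if result and result[1]:
            seen[result[0]].update(result[1])
    return {ip: sorted(found) for ip, found in seen.items()}

# Constructed sample log lines (documentation address ranges), not captured traffic.
SAMPLE = """
203.0.113.7 - - [31/Jan/2024:12:00:01 +0000] "GET /vuln.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [31/Jan/2024:12:00:02 +0000] "GET /vuln.php?id=1%20AND%20SLEEP(5) HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [31/Jan/2024:12:00:03 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla/5.0'; WAITFOR DELAY '0:0:5'--"
198.51.100.4 - - [31/Jan/2024:12:00:04 +0000] "GET /search?q=salt+and+pepper HTTP/1.1" 200 700 "-" "Mozilla/5.0"
""".strip().splitlines()

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Access logs only cover the URL and the headers the server is configured to log; POST bodies, cookies, JSON and SOAP/XML parameters need application or WAF logging to be visible to a scanner like this.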

Project URL

https://github.com/r0oth3x49/ghauri

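Originally published on the WeChat official account (TtTeam): Ghauri: A Powerful Tool for Automated Detection and Exploitation of SQL Injection Vulnerabilities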

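  • When reposting, please keep the link to this article (CN-SEC中文网: thanks to the original author for their hard work):
                   Ghauri: A Powerful Tool for Automated Detection and Exploitation of SQL Injection Vulnerabilities http://cn-sec.com/archives/2448969.html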
