ghauri: an automatic SQL injection detection and exploitation tool (qq.com)
0x01 Tool introduction
ghauri is an advanced cross-platform tool that automatically detects and exploits SQL injection vulnerabilities. It supports boolean-based, time-based, error-based and stacked-query injection; the supported back-end databases are MySQL, Microsoft SQL Server, PostgreSQL and Oracle; and the supported injection points are GET and POST parameters and cookies.
0x02 Installation and usage
1. Installation
- git clone https://github.com/r0oth3x49/ghauri.git
- cd ghauri
- pip install --upgrade -r requirements.txt
- python setup.py install (or, for an editable install: python -m pip install -e .)
2. Usage
- ghauri http://www.site.com/vuln.php?id=1 --dbs
3. Other options
usage: ghauri -u URL [OPTIONS]

A cross-platform python based advanced sql injections detection & exploitation tool.

General:
  -h, --help            Shows the help.
  --version             Shows the version.
  -v VERBOSE            Verbosity level: 1-5 (default 1).
  --batch               Never ask for user input, use the default behavior
  --flush-session       Flush session files for current target

Target:
  At least one of these options has to be provided to define the
  target(s)

  -u URL, --url URL     Target URL (e.g. 'http://www.site.com/vuln.php?id=1').
  -r REQUESTFILE        Load HTTP request from a file

Request:
  These options can be used to specify how to connect to the target URL

  -A , --user-agent     HTTP User-Agent header value
  -H , --header         Extra header (e.g. "X-Forwarded-For: 127.0.0.1")
  --host                HTTP Host header value
  --data                Data string to be sent through POST (e.g. "id=1")
  --cookie              HTTP Cookie header value (e.g. "PHPSESSID=a8d127e..")
  --referer             HTTP Referer header value
  --headers             Extra headers (e.g. "Accept-Language: fr\nETag: 123")
  --proxy               Use a proxy to connect to the target URL
  --delay               Delay in seconds between each HTTP request
  --timeout             Seconds to wait before timeout connection (default 30)
  --retries             Retries when the connection related error occurs (default 3)
  --force-ssl           Force usage of SSL/HTTPS

Injection:
  These options can be used to specify which parameters to test for,
  provide custom injection payloads and optional tampering scripts

  -p TESTPARAMETER      Testable parameter(s)
  --dbms DBMS           Force back-end DBMS to provided value
  --prefix              Injection payload prefix string
  --suffix              Injection payload suffix string

Detection:
  These options can be used to customize the detection phase

  --level LEVEL         Level of tests to perform (1-3, default 1)
  --code CODE           HTTP code to match when query is evaluated to True
  --string              String to match when query is evaluated to True
  --not-string          String to match when query is evaluated to False
  --text-only           Compare pages based only on the textual content

Techniques:
  These options can be used to tweak testing of specific SQL injection
  techniques

  --technique TECH      SQL injection techniques to use (default "BEST")
  --time-sec TIMESEC    Seconds to delay the DBMS response (default 5)

Enumeration:
  These options can be used to enumerate the back-end database
  management system information, structure and data contained in the
  tables.

  -b, --banner          Retrieve DBMS banner
  --current-user        Retrieve DBMS current user
  --current-db          Retrieve DBMS current database
  --hostname            Retrieve DBMS server hostname
  --dbs                 Enumerate DBMS databases
  --tables              Enumerate DBMS database tables
  --columns             Enumerate DBMS database table columns
  --dump                Dump DBMS database table entries
  -D DB                 DBMS database to enumerate
  -T TBL                DBMS database table(s) to enumerate
  -C COLS               DBMS database table column(s) to enumerate
  --start               Retrieve entries from offset for dbs/tables/columns/dump
  --stop                Retrieve entries till offset for dbs/tables/columns/dump