| skipped 9 lines |
10 | 10 | | |
11 | 11 | | ## ***Module Installation*** |
12 | 12 | | |
13 | | - | pip install -r requirements.txt |
| 13 | + | - cd to **ghauri** directory. |
| 14 | + | - run: `python setup.py install` or `python -m pip install -e .` |
| 15 | + | - you will be able to access and run the ghauri with simple `ghauri --help` command. |
14 | 16 | | |
15 | 17 | | ## ***Download Ghauri*** |
16 | 18 | | |
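Review bot: the new install steps (new lines 13-15) tell the reader to cd to the **ghauri** directory, but the clone command that creates that directory is only documented afterwards, under "Download Ghauri". Move the Download section above Module Installation, or add the clone step here. With `pip install -r requirements.txt` removed, confirm that setup.py declares the same dependencies; otherwise keep the requirements step. Of the two commands offered, lead with `python -m pip install -e .`, since setuptools has deprecated invoking `python setup.py install` directly.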
| skipped 2 lines |
19 | 21 | | git clone https://github.com/r0oth3x49/ghauri.git |
20 | 22 | | |
21 | 23 | | ## ***Features*** |
22 | | - | - Supports boolean/time/error based MySQL/PostgreSQL/MSSQL/Oracle injections. |
23 | | - | - Supports all types (HEADERS/COOKIE/POST/GET) for the listed dbms. |
24 | | - | - Added switch to support proxy option `--proxy`. |
25 | | - | - Added swicth to force SSL connection `--force-ssl`. |
| 24 | + | - Supports following types of injection payloads: |
| 25 | + | - Boolean based. |
| 26 | + | - Error Based |
| 27 | + | - Time Based |
| 28 | + | - Stacked Queries |
| 29 | + | - Support SQL injection for following DBMS. |
| 30 | + | - MySQL |
| 31 | + | - Microsoft SQL Server |
| 32 | + | - Postgre |
| 33 | + | - Oracle |
| 34 | + | - Supports following injection types. |
| 35 | + | - GET/POST Based injections |
| 36 | + | - Headers Based injections |
| 37 | + | - Cookies Based injections |
| 38 | + | - Mulitipart Form data injections |
| 39 | + | - JSON based injections |
| 40 | + | - support proxy option `--proxy`. |
| 41 | + | - supports parsing request from txt file: switch for that `-r file.txt` |
| 42 | + | - supports limiting data extraction for dbs/tables/columns/dump: swicth `--start 1 --stop 2` |
26 | 43 | | |
27 | 44 | | |
28 | 45 | | ## **Advanced Usage** |
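Review bot: the rewrite drops the `--force-ssl` bullet (old line 25) without a replacement. If the switch still exists it should stay in the feature list, and if it was removed the commit should say so. On the added lines, fix "Postgre" (new line 32; the old text said PostgreSQL), "Mulitipart" (new line 38) and "swicth" (new line 42), and make the capitalization and trailing periods of the bullets consistent.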
| skipped 47 lines |
76 | 93 | | Detection: |
77 | 94 | | These options can be used to customize the detection phase |
78 | 95 | | |
79 | | - | --level Level of tests to perform (1-3, default 1) |
| 96 | + | --level LEVEL Level of tests to perform (1-3, default 1) |
| 97 | + | --code CODE HTTP code to match when query is evaluated to True |
| 98 | + | --string String to match when query is evaluated to True |
| 99 | + | --not-string String to match when query is evaluated to False |
| 100 | + | --text-only Compare pages based only on the textual content |
80 | 101 | | |
81 | 102 | | Techniques: |
82 | 103 | | These options can be used to tweak testing of specific SQL injection |
83 | 104 | | techniques |
84 | 105 | | |
85 | | - | --technique TECH SQL injection techniques to use (default "BTE") |
| 106 | + | --technique TECH SQL injection techniques to use (default "BEST") |
86 | 107 | | --time-sec TIMESEC Seconds to delay the DBMS response (default 5) |
87 | 108 | | |
88 | 109 | | Enumeration: |
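Review bot: the `--technique` default changes from "BTE" to "BEST" (new line 106), but the help text does not say what each letter selects. The added S is presumably the Stacked Queries support listed under Features, which would mean a default run now sends stacked statements, so spell out the letters in the option description and call out the changed default. Also, `--string` and `--not-string` (new lines 98-99) are shown without a value placeholder, unlike `--level LEVEL` and `--code CODE`, so they read as boolean flags; add a metavar such as STRING.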
| skipped 26 lines |
115 | 136 | | It is the end user's responsibility to obey all applicable local,state and federal laws. |
116 | 137 | | Developer assume no liability and is not responsible for any misuse or damage caused by this program. |
117 | 138 | | |
| 139 | + | ## **TODO** |
| 140 | + | - Add support for inline queries. |