| skipped 29 lines |
30 | 30 | | from ghauri.core.extract import ghauri_extractor |
31 | 31 | | from ghauri.logger.colored_logger import logger, set_level |
32 | 32 | | from ghauri.core.tests import basic_check, check_injections |
| 33 | + | from ghauri.core.extract import ghauri_extractor as ge |
33 | 34 | | from ghauri.common.lib import ( |
34 | 35 | | os, |
35 | 36 | | re, |
| skipped 54 lines |
90 | 91 | | safe_chars=None, |
91 | 92 | | fetch_using=None, |
92 | 93 | | test_filter=None, |
| 94 | + | sql_shell=False, |
| 95 | + | fresh_queries=False, |
93 | 96 | | ): |
94 | 97 | | verbose_levels = { |
95 | 98 | | 1: logging.INFO, |
| skipped 9 lines |
105 | 108 | | conf.timesec = timesec |
106 | 109 | | conf.fetch_using = fetch_using |
107 | 110 | | conf.test_filter = test_filter |
| 111 | + | conf.fresh_queries = fresh_queries |
108 | 112 | | logger.start("starting") |
109 | 113 | | if not force_ssl: |
110 | 114 | | ssl._create_default_https_context = ssl._create_unverified_context |
| skipped 315 lines |
426 | 430 | | ) |
427 | 431 | | logger.end("ending") |
428 | 432 | | exit(1) |
429 | | - | return GhauriResponse( |
430 | | - | url=url, |
431 | | - | data=data, |
432 | | - | vector=vector, |
433 | | - | backend=backend, |
434 | | - | parameter=parameter, |
435 | | - | headers=full_headers, |
436 | | - | base=base, |
437 | | - | injection_type=injection_type, |
438 | | - | proxy=proxy, |
439 | | - | filepaths=filepaths, |
440 | | - | is_injected=True, |
441 | | - | is_multipart=is_multipart, |
442 | | - | attack=attack, |
443 | | - | match_string=match_string, |
444 | | - | vectors=vectors, |
445 | | - | code=code if code != 200 else None, |
446 | | - | not_match_string=None, |
447 | | - | text_only=conf.text_only, |
448 | | - | ) |
| 433 | + | if sql_shell: |
| 434 | + | logger.info( |
| 435 | + | "calling MySQL shell. To quit type 'x' or 'q' and press ENTER" |
| 436 | + | ) |
| 437 | + | while True: |
| 438 | + | choice = logger.read_input("sql-shell> ") |
| 439 | + | if choice: |
| 440 | + | if choice.lower() in ["x", "q"]: |
| 441 | + | break |
| 442 | + | logger.info(f"fetching SQL query output: '{choice}'") |
| 443 | + | retval = ghauri_extractor.fetch_characters( |
| 444 | + | url=url, |
| 445 | + | data=data, |
| 446 | + | vector=vector, |
| 447 | + | parameter=parameter, |
| 448 | + | headers=full_headers, |
| 449 | + | base=base, |
| 450 | + | injection_type=injection_type, |
| 451 | + | payloads=[choice], |
| 452 | + | backend=backend, |
| 453 | + | proxy=proxy, |
| 454 | + | is_multipart=is_multipart, |
| 455 | + | timeout=timeout, |
| 456 | + | delay=delay, |
| 457 | + | timesec=timesec, |
| 458 | + | attack01=attack, |
| 459 | + | match_string=match_string, |
| 460 | + | not_match_string=None, |
| 461 | + | code=code if code != 200 else None, |
| 462 | + | text_only=conf.text_only, |
| 463 | + | dump_type=choice, |
| 464 | + | ) |
| 465 | + | if retval.ok: |
| 466 | + | if retval.resumed: |
| 467 | + | logger.info("resumed: '%s'" % (retval.result)) |
| 468 | + | else: |
| 469 | + | logger.info("retrieved: '%s'" % (retval.result)) |
| 470 | + | logger.success(f"{choice}: '{retval.result}'") |
| 471 | + | logger.info( |
| 472 | + | f"fetched data logged to text files under: '{filepaths.filepath}'" |
| 473 | + | ) |
| 474 | + | logger.end("ending") |
| 475 | + | exit(0) |
| 476 | + | else: |
| 477 | + | return GhauriResponse( |
| 478 | + | url=url, |
| 479 | + | data=data, |
| 480 | + | vector=vector, |
| 481 | + | backend=backend, |
| 482 | + | parameter=parameter, |
| 483 | + | headers=full_headers, |
| 484 | + | base=base, |
| 485 | + | injection_type=injection_type, |
| 486 | + | proxy=proxy, |
| 487 | + | filepaths=filepaths, |
| 488 | + | is_injected=True, |
| 489 | + | is_multipart=is_multipart, |
| 490 | + | attack=attack, |
| 491 | + | match_string=match_string, |
| 492 | + | vectors=vectors, |
| 493 | + | code=code if code != 200 else None, |
| 494 | + | not_match_string=None, |
| 495 | + | text_only=conf.text_only, |
| 496 | + | ) |
449 | 497 | | # end of injection |
450 | 498 | | logger.critical("all tested parameters do not appear to be injectable.") |
451 | 499 | | logger.end("ending") |
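Review bot: In the new sql-shell loop a query whose `retval.ok` is false is dropped silently — after the `if retval.ok:` block (new lines 465–470) the loop just prompts again, so the operator cannot distinguish a failed fetch from an empty result; add an `else: logger.error(f"unable to fetch output for: '{choice}'")` branch at the same indentation as the `if`. The loop also leaves via the builtin `exit(0)` (the existing path above uses `exit(1)`), which is provided by the `site` module rather than the language; prefer `sys.exit(0)`, assuming `sys` is among the names imported from `ghauri.common.lib`, which this hunk does not show. The banner `"calling MySQL shell. To quit type 'x' or 'q' and press ENTER"` is logged regardless of the detected `backend`, so it presumably reads wrong on non-MySQL targets; `f"calling {backend} shell. To quit type 'x' or 'q' and press ENTER"` would match the surrounding f-string logging. The `"resumed: '%s'" % (retval.result)` / `"retrieved: '%s'" % (retval.result)` lines mix %-formatting with the f-strings used elsewhere in the same hunk, a minor style inconsistency. The enclosing function starts outside this hunk.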
| skipped 68 lines |
520 | 568 | | self._code = code |
521 | 569 | | self._text_only = text_only |
522 | 570 | | |
523 | | - | def __end(self, database="", table="", fetched=True): |
| 571 | + | def _end(self, database="", table="", fetched=True): |
524 | 572 | | new_line = "" |
525 | 573 | | if database and table: |
526 | 574 | | filepath = os.path.join(conf.filepaths.filepath, "dump") |
| skipped 30 lines |
557 | 605 | | text_only=self._text_only, |
558 | 606 | | ) |
559 | 607 | | fetched = response.ok |
560 | | - | if fetched: |
561 | | - | logger.success("") |
562 | | - | self.__end(fetched=fetched) |
| 608 | + | # if fetched: |
| 609 | + | # logger.success("") |
563 | 610 | | return response |
564 | 611 | | |
565 | 612 | | def extract_hostname(self): |
| skipped 18 lines |
584 | 631 | | text_only=self._text_only, |
585 | 632 | | ) |
586 | 633 | | fetched = response.ok |
587 | | - | if fetched: |
588 | | - | logger.success("") |
589 | | - | self.__end(fetched=fetched) |
| 634 | + | # if fetched: |
| 635 | + | # logger.success("") |
590 | 636 | | return response |
591 | 637 | | |
592 | 638 | | def extract_current_db(self): |
| skipped 18 lines |
611 | 657 | | text_only=self._text_only, |
612 | 658 | | ) |
613 | 659 | | fetched = response.ok |
614 | | - | if fetched: |
615 | | - | logger.success("") |
616 | | - | self.__end(fetched=fetched) |
| 660 | + | # if fetched: |
| 661 | + | # logger.success("") |
617 | 662 | | return response |
618 | 663 | | |
619 | 664 | | def extract_current_user(self): |
| skipped 18 lines |
638 | 683 | | text_only=self._text_only, |
639 | 684 | | ) |
640 | 685 | | fetched = response.ok |
641 | | - | if fetched: |
642 | | - | logger.success("") |
643 | | - | self.__end(fetched=fetched) |
| 686 | + | # if fetched: |
| 687 | + | # logger.success("") |
644 | 688 | | return response |
645 | 689 | | |
646 | 690 | | def extract_dbs(self, start=0, stop=None): |
| skipped 22 lines |
669 | 713 | | fetched = response.ok |
670 | 714 | | if not fetched: |
671 | 715 | | response = self.extract_current_db() |
672 | | - | if fetched: |
673 | | - | logger.success("") |
674 | | - | self.__end(fetched=fetched) |
| 716 | + | # if fetched: |
| 717 | + | # logger.success("") |
675 | 718 | | return response |
676 | 719 | | |
677 | 720 | | def extract_tables(self, database="", start=0, stop=None, dump_requested=False): |
| skipped 21 lines |
699 | 742 | | database=database, |
700 | 743 | | ) |
701 | 744 | | fetched = response.ok |
702 | | - | if fetched: |
703 | | - | logger.success("") |
704 | | - | else: |
705 | | - | logger.error("unable to retrieve the table names for any database") |
706 | | - | print("\n") |
707 | | - | if not dump_requested: |
708 | | - | self.__end(fetched=True) |
| 745 | + | # if not fetched: |
| 746 | + | # logger.success("") |
| 747 | + | # else: |
| 748 | + | # logger.error("unable to retrieve the table names for any database") |
| 749 | + | # print("\n") |
709 | 750 | | return response |
710 | 751 | | |
711 | 752 | | def extract_columns( |
| skipped 24 lines |
736 | 777 | | table=table, |
737 | 778 | | ) |
738 | 779 | | fetched = response.ok |
739 | | - | if fetched: |
740 | | - | logger.success("") |
741 | | - | if not dump_requested: |
742 | | - | self.__end(fetched=fetched) |
| 780 | + | # if fetched: |
| 781 | + | # logger.success("") |
743 | 782 | | return response |
744 | 783 | | |
745 | 784 | | def extract_records( |
| skipped 33 lines |
779 | 818 | | fetched = response.ok |
780 | 819 | | if fetched: |
781 | 820 | | if not dump_requested: |
782 | | - | logger.success("") |
783 | | - | self.__end(database=database, table=table, fetched=fetched) |
784 | | - | else: |
785 | | - | if not dump_requested: |
786 | | - | self.__end(fetched=fetched) |
| 821 | + | # logger.success("") |
| 822 | + | self._end(database=database, table=table, fetched=False) |
787 | 823 | | return response |
788 | 824 | | |
789 | 825 | | def dump_database(self, database="", start=0, stop=None, dump_requested=False): |
| skipped 22 lines |
812 | 848 | | dump_requested=dump_requested, |
813 | 849 | | ) |
814 | 850 | | if retval_dump.ok: |
815 | | - | self.__end(database=database, table=table, fetched=False) |
816 | | - | self.__end(fetched=True) |
| 851 | + | self._end(database=database, table=table, fetched=False) |
817 | 852 | | |
818 | 853 | | def dump_table( |
819 | 854 | | self, database="", table="", start=0, stop=None, dump_requested=False |
| skipped 15 lines |
835 | 870 | | dump_requested=dump_requested, |
836 | 871 | | ) |
837 | 872 | | if retval_dump.ok: |
838 | | - | self.__end(database=database, table=table, fetched=False) |
839 | | - | self.__end(fetched=True) |
| 873 | + | self._end(database=database, table=table, fetched=False) |
| 874 | + | |
| 875 | + | def dump_current_db( |
| 876 | + | self, database="", start=0, stop=None, current_db=None, dump_requested=False |
| 877 | + | ): |
| 878 | + | logger.warning( |
| 879 | + | "missing database parameter. Ghauri is going to use the current database to enumerate table(s) entries" |
| 880 | + | ) |
| 881 | + | if not current_db: |
| 882 | + | retval_current_db = self.extract_current_db() |
| 883 | + | if retval_current_db.ok: |
| 884 | + | current_db = retval_current_db.result.strip() |
| 885 | + | if current_db: |
| 886 | + | retval_tables = self.extract_tables( |
| 887 | + | database=current_db, |
| 888 | + | start=start, |
| 889 | + | stop=stop, |
| 890 | + | dump_requested=dump_requested, |
| 891 | + | ) |
| 892 | + | if retval_tables.ok: |
| 893 | + | for table in retval_tables.result: |
| 894 | + | retval_columns = self.extract_columns( |
| 895 | + | database=current_db, |
| 896 | + | table=table, |
| 897 | + | start=start, |
| 898 | + | stop=stop, |
| 899 | + | dump_requested=dump_requested, |
| 900 | + | ) |
| 901 | + | if retval_columns.ok: |
| 902 | + | retval_dump = self.extract_records( |
| 903 | + | database=current_db, |
| 904 | + | table=table, |
| 905 | + | columns=",".join(list(retval_columns.result)), |
| 906 | + | start=start, |
| 907 | + | stop=stop, |
| 908 | + | dump_requested=dump_requested, |
| 909 | + | ) |
| 910 | + | if retval_dump.ok: |
| 911 | + | self._end(database=current_db, table=table, fetched=False) |
| 912 | + | else: |
| 913 | + | logger.error( |
| 914 | + | "Ghauri is expecting database name to enumerate table(s) entries." |
| 915 | + | ) |
840 | 916 | | |