STRLCPY/ghauri

updated code quality to increase maximum of 10 threads for data retrieval in case of boolean based injection.
r0oth3x49 committed 1 year ago

ebd8c81c

1 parent 5da33a63

■ ■ ■ ■ ■ ■

ghauri/common/config.py

		skipped 82 lines
83	83		self.continue_on_http_error = continue_on_http_error
84	84		self.follow_redirects = follow_redirects
85	85		self.threads = threads
86		-	self._max_threads = 4
	86	+	self._max_threads = 10
87	87		self._thread_chars_query = {}
88	88		self.lock = Lock()
89	89		self.thread_warning = False
		skipped 5 lines
95	95		self.params_count = 0
96	96		self.confirm_payloads = False
97	97		self.safe_chars = None
	98	+	self.rto_warning = False
	99	+	self.rtom_warning = False
98	100
99	101		@property
100	102		def session_filepath(self):
		skipped 7 lines

■ ■ ■ ■ ■ ■

ghauri/core/extract.py

		skipped 760 lines
761	761		# if choice == "c":
762	762		# retry_on_error = 0
763	763		if conf._readtimout_counter >= 3:
764		-	logger.warning(
765		-	f"Ghauri detected readtimout '{conf._readtimout_counter}' time(s), increasing --timeout to 120 seconds, default was 30 seconds.."
766		-	)
767		-	conf.timeout += 90
768		-	conf._readtimout_counter = 0
	764	+	if conf.rto_warning:
	765	+	if not conf.rtom_warning:
	766	+	choice = logger.read_input(
	767	+	"Ghauri detected read timeout multiple time(s). Do you want to continue? [y/N] "
	768	+	)
	769	+	if choice == "n":
	770	+	logger.end("ending")
	771	+	exit(0)
	772	+	conf.rtom_warning = True
	773	+	if not conf.rto_warning:
	774	+	msgrto = ""
	775	+	if vector_type == "time_vector":
	776	+	msgrto = ", It is recommended to set high value of option(s) '--time-sec', increase delay between request(s) with an option '--delay'"
	777	+	if vector_type == "boolean_vector":
	778	+	msgrto = ", It is recommended to set high value of option(s) '--timeout' and also increase delay between each http request with an option '--delay'"
	779	+	logger.warning(
	780	+	f"Ghauri detected read timout '{conf._readtimout_counter}' time(s){msgrto}."
	781	+	)
	782	+	conf.rto_warning = True
	783	+	conf._readtimout_counter = 0
769	784		if delay > 0:
770	785		time.sleep(delay)
771	786		ascii_char = int((minimum + maximum) / 2)
		skipped 967 lines
1739	1754		pos = start_pos
1740	1755		total_length = length + 1
1741	1756		if conf.threads and not binary_search and not in_based_search:
1742		-	logger.warning(
1743		-	"ghauri will use a fallback leaner search to guess character(s), adjusting threads to 1"
	1757	+	logger.debug(
	1758	+	"Ghauri will use a fallback leaner search to guess character(s), adjusting threads to 1"
1744	1759		)
1745	1760		conf.threads = None
1746	1761		if conf.threads and vector_type == "boolean_vector":
1747	1762		if not conf.thread_warning:
1748		-	logger.warning(
	1763	+	logger.debug(
1749	1764		"it is recommended not to use threads for data exfiltration, it could cause harm to backend DBMS or result in incorrect character(s) guessing."
1750	1765		)
1751	1766		conf.thread_warning = True
		skipped 10 lines
1762	1777		sorted(conf._thread_chars_query.items())
1763	1778		)
1764	1779		if conf.threads > conf._max_threads:
1765		-	conf.threads = 4
	1780	+	conf.threads = conf._max_threads
1766	1781		if not conf.max_threads_warning:
1767	1782		logger.warning(
1768		-	"ghauri recommends using threads upto 4. adjusting total number of threads to 4."
	1783	+	f"Ghauri recommends using threads upto {conf._max_threads}. adjusting '--threads=\"{conf._max_threads}\"'."
1769	1784		)
1770	1785		conf.max_threads_warning = True
1771	1786		with futures.ThreadPoolExecutor(
		skipped 569 lines

updated code quality to increase maximum of 10 threads for data retrieval in case of boolean based injection.