Projects STRLCPY ghauri Commits f3fb6c94
  • updated code quality, when user provides test-filter switch, ghauri should avoid setting techniques..

  • r0oth3x49 committed 1 year ago
    f3fb6c94
    1 parent 08358a66
  • ■ ■ ■ ■ ■ ■
    ghauri/core/tests.py
    skipped 190 lines
    191 191   logger.notice(
    192 192   f"heuristic (basic) test shows that {_it} parameter '{param_name}' might be injectable (possible DBMS: '{possible_dbms}')"
    193 193   )
    194  - _tech = (
    195  - f"{mc}--technique='E{techniques}'{nc}"
    196  - if "E" not in techniques
    197  - else None
    198  - )
    199  - if _tech:
    200  - logger.notice(
    201  - f"Ghauri is going to set {_tech} as heuristic (basic) detected a possible DBMS '{possible_dbms}' from SQL error message"
     194 + if not conf.test_filter:
     195 + _tech = (
     196 + f"{mc}--technique='E{techniques}'{nc}"
     197 + if "E" not in techniques
     198 + else None
    202 199   )
     200 + if _tech:
     201 + logger.notice(
     202 + f"Ghauri is going to set {_tech} as heuristic (basic) detected a possible DBMS '{possible_dbms}' from SQL error message"
     203 + )
    203 204   break
    204 205   if attack.status_code != 400:
    205 206   break
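Review bot: `_tech` is now assigned only under `if not conf.test_filter:` (new lines 194-199), so the `if _tech:` check at new line 200 has to sit inside that same block, or `_tech` needs a default such as `_tech = None` before the guard. Otherwise a run with the test-filter switch set reaches `if _tech:` with the name unbound. The rendered diff has lost its indentation, so the nesting cannot be confirmed from these lines; please verify it in the file. It would also help to emit a debug-level message when the switch suppresses the notice, so the user can see why the error-based technique was not announced.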
    skipped 2323 lines
  • ■ ■ ■ ■ ■
    ghauri/ghauri.py
    skipped 344 lines
    345 345   msg = f"testing for SQL injection on {injection_type} parameter '{param_name}'"
    346 346   logger.info(msg)
    347 347   if possible_dbms:
    348  - techniques = f"E{techniques.upper()}"
     348 + if not conf.test_filter:
     349 + techniques = f"E{techniques.upper()}"
    349 350   if not dbms:
    350 351   choice = logger.read_input(
    351 352   f"it looks like the back-end DBMS is '{possible_dbms}'. Do you want to skip test payloads specific for other DBMSes? [Y/n] ",
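Review bot: the new guard at new lines 348-349 also skips the `.upper()` call, so when `conf.test_filter` is set `techniques` keeps whatever case the user supplied; if later code compares against upper-case letters, normalise the case outside the guard and prepend "E" inside it. Separately, this line prepends "E" unconditionally, while the notice in ghauri/core/tests.py is only built when `"E" not in techniques`; applying the same membership check here would avoid a doubled "E" and keep the two places consistent. Since the `not conf.test_filter` condition is now duplicated across both files, a short comment or a shared helper stating why the test-filter switch disables the automatic technique change would keep them from drifting.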
    skipped 476 lines