crash.software
Projects
Pull Requests
Issues
Builds
ghauri
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY ghauri Commits fec7c66c
🤬

  • updated code quality, fixed issue with json content-type header when user provides json data using switch --data, bumped version 1.1.3..

  • Loading...
  • r0oth3x49 committed 1 year ago
    fec7c66c
    1 parent 0eb702de
  • ■ ■ ■ ■
    README.md
    1  -[![GitHub release](https://img.shields.io/badge/release-v1.1.2-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.1.2)
     1 +[![GitHub release](https://img.shields.io/badge/release-v1.1.3-brightgreen?style=flat-square)](https://github.com/r0oth3x49/ghauri/releases/tag/1.1.3)
    2 2  [![GitHub stars](https://img.shields.io/github/stars/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/stargazers)
    3 3  [![GitHub forks](https://img.shields.io/github/forks/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/network)
    4 4  [![GitHub issues](https://img.shields.io/github/issues/r0oth3x49/ghauri?style=flat-square)](https://github.com/r0oth3x49/ghauri/issues)
    skipped 157 lines
  • ■ ■ ■ ■
    ghauri/__init__.py
    skipped 23 lines
    24 24   
    25 25  """
    26 26   
    27  -__version__ = "1.1.2"
     27 +__version__ = "1.1.3"
    28 28  __author__ = "Nasir Khan (r0ot h3x49)"
    29 29  __license__ = "MIT"
    30 30  __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"
    skipped 2 lines
  • ■ ■ ■ ■ ■ ■
    ghauri/common/lib.py
    skipped 130 lines
    131 131   r"PG::SyntaxError:",
    132 132   r"org\.postgresql\.util\.PSQLException",
    133 133   r"ERROR:\s\ssyntax error at or near ",
     134 + r"(?is)(?:ERROR:\s*syntax error at or near\s*)",
    134 135   r"ERROR: parser: parse error at or near",
     136 + r"(?is)(?:ERROR: parser: parse error at or near)",
    135 137   r"PostgreSQL query failed",
     138 + r"(?is)(?:PostgreSQL query failed)",
    136 139   r"org\.postgresql\.jdbc",
    137 140   r"Pdo[./_\\]Pgsql",
    138 141   r"PSQLException",
    skipped 143 lines
  • ■ ■ ■ ■ ■
    ghauri/common/utils.py
    skipped 1123 lines
    1124 1124   injection_type=injection_type,
    1125 1125   is_multipart=is_multipart,
    1126 1126   )
    1127  - if encode and is_json:
    1128  - payload = urlencode(
    1129  - value=payload,
    1130  - decode_first=True,
    1131  - injection_type=injection_type,
    1132  - is_multipart=is_multipart,
    1133  - )
    1134 1127   key_to_split_by = urldecode(key)
    1135 1128   if (
    1136 1129   injection_type in ["GET", "POST", "COOKIE", "HEADER"]
    skipped 328 lines
    1465 1458   pass
    1466 1459   if is_json:
    1467 1460   params = extract_json_data(data)
     1461 + if not params:
     1462 + is_json = False
    1468 1463   else:
    1469 1464   MULTIPART_RECOGNITION_REGEX = r"(?i)Content-Disposition:[^;]+;\s*name="
    1470 1465   mobj = re.search(MULTIPART_RECOGNITION_REGEX, data)
    skipped 137 lines
    1608 1603   if sph and len(sph) == 2:
    1609 1604   header.update({sph[0].strip(): sph[1].strip()})
    1610 1605   if not use_requests:
    1611  - # building headers for build_opener addHeaders
    1612  - # _temp = []
    1613  - # for key, value in header.items():
    1614  - # _temp.append((key, value))
    1615  - # custom_headers = _temp
    1616  - # Request object uses headers in dictionary format..
    1617 1606   custom_headers = header
    1618 1607   else:
    1619 1608   custom_headers = header
    skipped 207 lines
  • ■ ■ ■ ■ ■ ■
    ghauri/core/request.py
    skipped 53 lines
    54 54   
    55 55  class HTTPRequestHandler:
    56 56   """
    57  - Xpath requests handler
     57 + Ghauri requests handler
    58 58   """
    59 59   
    60 60   def perform(
    skipped 29 lines
    90 90   "filtered_text",
    91 91   ],
    92 92   )
    93  - # commented out as we have figured out how to use build_opener with multipart/json based post request..
    94  - # if is_multipart:
    95  - # use_requests = True
    96 93   if connection_test:
    97 94   clean_up = lambda _: _.replace("*", "") if _ and "*" in _ else _
    98 95   url = clean_up(url)
    skipped 6 lines
    105 102   raw = req.raw
    106 103   endpoint = req.endpoint
    107 104   custom_headers = req.headers
     105 + if conf.is_json:
     106 + custom_headers.update({"Content-Type": "application/json"})
    108 107   request_url = req.request.get("url")
    109 108   logger.traffic_out(f"HTTP request:\n{raw}")
    110 109   headers = {}
    skipped 171 lines
  • ■ ■ ■ ■
    setup.py
    skipped 4 lines
    5 5   
    6 6  setup(
    7 7   name="ghauri",
    8  - version="1.1.2",
     8 + version="1.1.3",
    9 9   description="An advanced SQL injection detection & exploitation tool.",
    10 10   classifiers=["Programming Language :: Python3"],
    11 11   author="Nasir Khan",
    skipped 28 lines
Please wait...
Page is in error, reload to recover