السلام عليكم ورحمة الله وبركاته
أعتقد أن الأغلب يعرف أداة SQLMAP للحقن الأوتوماتيكي ولكن من الجيد استعمال أكثر من أداة
Supports following types of injection payloads:
Boolean based.
Error Based
Time Based
Stacked Queries
Support SQL injection for following DBMS.
MySQL
Microsoft SQL Server
Postgres
Oracle
Microsoft Access (only supports fingerprint for now in case of boolean based blind)
Supports following injection types.
GET/POST Based injections
Headers Based injections
Cookies Based injections
Mulitipart Form data injections
JSON based injections
SOAP/XML based injections
support proxy option --proxy.
supports parsing request from txt file: switch for that -r file.txt
supports limiting data extraction for dbs/tables/columns/dump: switch --start 1 --stop 2
added support for resuming of all phases.
added support for skip urlencoding switch: --skip-urlencode
added support to verify extracted characters in case of boolean/time based injections.
added support for handling redirects on user demand.
added support for sql-shell switch: --sql-shell (experimental)
added support for fresh queries switch: --fresh-queries
added switch for hostname extraction: --hostname
added switch to update ghauri from github: --update
Note: ghauri has to be cloned/installed from github for this switch to work for futures updates,for older version users they have to run git pull (if installed using git) to get this updateand for futures updates the update will be possible with ghauri --update command to get thelatest version of ghauri.
خطوات التنزيل والتنصيب تجدونها في رابط ال Github:
GitHub - r0oth3x49/ghauri: An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws
An advanced cross-platform tool that automates the process of detecting and exploiting SQL injection security flaws - r0oth3x49/ghauri
github.com
التعديل الأخير بواسطة المشرف:
