Feature:

• added support for URI injection in case of no parameters are detected in GET, POST or any custom injection marker found. (#61 feature request)

Fixes

• fixed issue with regex processing multipart/form-data

Fixes

• fixed issue with HTTP request parsing #80.

Features

• added support for sql-shell switch: --sql-shell (experimental)
• added support for fresh queries switch: --fresh-queries
• added switch for hostname extraction: --hostname

Fixes

• Fixed issue with processing multiple switches.

• Updated code quality to improve boolean based detection for case content length.
• Added initial requests to function where retry mechanism is already in place.

• Added switch for performing tests based on title(s) --test-filter (experimental)
• Added further data retrieval payloads.
• Updated code for confirming character(s) when --fetch-using=between is used.

Features & Fixes

• Added switch to skip url encoding specific characters: (e.g --safe-chars="[]()>")
• Added switch for using different operators for data retrieval: (e.g --fetch-using=between)
• Added switch for confirming the identified injection payload Ghauri resumes: --confirm.
• Fixed multiple issues and updated code quality.

• Fixed issue with Oracle column retrieval query
• added few more payloads.

• fixed multiple issues related to session.

• Added support for testing multiple parameter(s) on user demand.