Ghauri - A Pen Testing Tool for Automated SQLi and XSS Detection
Dr.P.Venkadesh Dr.S.V.Divya
Professor/AI&DS,
V.S.B College of Engineering Technical
Campus,Coimbatore,TN, India
[email protected]
Subashkumar.K, Yogaraj.S,
U.G Student/AI & DS, U.G Student/AI & DS,
V.S.B College of Engineering Technical V.S.B College of Engineering Technical
Campus, Coimbatore, TN, India Campus, Coimbatore, TN, India
[email protected]
[email protected]
[email protected]
Abstract : The ever-growing reliance on web
applications in today's digital landscape introduces
inherent vulnerabilities. These vulnerabilities act as
exploitable weaknesses, akin to cracks in a fortress
wall, allowing malicious actors to gain unauthorized
access. Among the most prevalent and critical
vulnerabilities are SQL Injection (SQLi) and Cross-
Site Scripting (XSS). These vulnerabilities can be
leveraged by attackers to compromise sensitive data,
disrupt website functionality, or steal user
credentials. The consequences can be severe, ranging
from financial losses to reputational damage and
even identity theft. Traditional methods of
vulnerability detection often involve manual
processes, which can be time-consuming and
susceptible to human error. This paper introduces
Ghauri, a Python-based, cross-platform tool designed
to automate the detection and exploitation of SQL
Injection (SQLi) and Cross-Site Scripting (XSS)
vulnerabilities in web applications. We begin by
outlining the prevalence and criticality of SQLi and
XSS vulnerabilities, highlighting their ability to
compromise sensitive data and disrupt website
functionality. Traditional methods of vulnerability
detection are often time-consuming, labor-intensive,
and susceptible to human error. Ghauri addresses
these limitations by offering an automated approach.
Ghauri boasts a comprehensive suite of
functionalities, includes Automated Vulnerability
Scanning and Advanced Exploit Techniques. The
paper concludes by exploring Ghauri's future
potential enhancements like integrating advanced
fuzzing techniques and expanding the tool's
vulnerability coverage. It emphasize the ethical use
of such tools, advocating for responsible disclosure
practices. Continuous development is crucial to stay
ahead of evolving cyber threats.
Keywords:
SQL Injection, XSS, Vulnerability Detection,
Automation, Python, Security Testing, Ghauri
I. INTRODUCTION
Web applications have become a fundamental aspect of
modern internet usage, enabling a wide array of services from
online banking to social media. However, this ubiquity also
brings significant security risks. Studies indicate that nearly
half of all websites contain high-risk vulnerabilities, making
Professor/CSE,
V.S.B College of Engineering Technical
Campus,Coimbatore,TN. India
[email protected]
Sahithiyan.M,
U.G Student/AI & DS,
V.S.B College of Engineering Technical
Campus, Coimbatore, TN, India
them prime targets for cyberattacks. The inherent openness of
the internet exacerbates this issue, presenting numerous
potential attack vectors that malicious actors can exploit.
These vulnerabilities, if left unaddressed, can lead to
unauthorized access, data breaches, and operational
disruptions. Effective detection and prevention of these threats
remain a persistent challenge. Despite the availability of
various security measures such as secure coding practices,
static and dynamic code analysis, and the application of
machine learning techniques, achieving comprehensive
protection is complex and elusive [1].
Among the myriad of web application vulnerabilities,
SQL Injection (SQLi) and Cross-Site Scripting (XSS) are
particularly concerning. SQLi attacks exploit flaws in how
web applications handle user input, allowing attackers to
inject malicious SQL code and manipulate database
operations. This can result in unauthorized data access,
modification, or even complete database compromise [2].
Similarly, XSS vulnerabilities enable attackers to inject
malicious scripts into web pages viewed by other users,
potentially leading to data theft, session hijacking, and other
malicious activities [3].
The prevalence and impact of these vulnerabilities
underscore the critical need for robust web application
security measures. By implementing secure coding practices,
validating user inputs, and conducting regular security
assessments, organizations can significantly mitigate the risks
associated with SQLi and XSS attacks. The following sections
will delve deeper into these methods and outline best practices
for enhancing web application security.
II. CRITICALITY OF SQLI AND XSS
VULNERABILITIES
SQL injection (SQLi) and cross-site scripting (XSS)
vulnerabilities are among the most prevalent and critical
security issues as shown in fig.1 in web applications today.
SQLi occurs when attackers insert malicious SQL queries into
input fields, exploiting vulnerabilities in the application's
database interactions to gain unauthorized access to data. XSS,
on the other hand, involves injecting malicious scripts into
web pages viewed by other users, allowing attackers to steal
session tokens, redirect users to malicious sites, or perform
other malicious actions. According to the 2023 Verizon Data
Breach Investigations Report, SQLi and XSS attacks
accounted for approximately 30% of all web application
breaches [4].
These vulnerabilities can have a severe impact on
sensitive data, allowing attackers to access, modify, or delete
information stored in databases. The consequences of
exploited SQLi and XSS vulnerabilities extend beyond data
breaches. Organizations may face significant financial losses
due to fraud, regulatory fines, and the costs associated with
incident response and recovery.
Fig.1. Distribution of Web Attacks
Additionally, exploited vulnerabilities can lead to
substantial reputational damage, as customers and partners
lose trust in the organization's ability to secure their data. In
some cases, victims of these attacks may suffer identity theft,
further compounding the negative effects on individuals and
organizations alike [6]. Addressing SQLi and XSS
vulnerabilities is therefore crucial to protect both
organizational assets and user privacy.
III. CASE STUDY: 2022 IBM DATA BREACH
In 2022, IBM, a global leader in technology and
consulting services, experienced a significant data breach due
to an SQL Injection (SQLi) attack. Cybercriminals exploited a
vulnerability in IBM's web application, gaining unauthorized
access to sensitive information, including proprietary data,
employee records, and potentially client information. The
breach affected numerous stakeholders, leading to substantial
financial losses, with costs far exceeding the average $4.24
million as reported in IBM's 2022 Cost of a Data Breach
Report. Additionally, IBM faced reputational damage, as the
breach raised questions about its own cybersecurity practices.
In response, IBM swiftly initiated an incident response,
involving both internal security teams and external experts to
contain the breach and identify the exploited vulnerabilities.
They conducted a comprehensive audit of their cybersecurity
infrastructure, patched the SQLi vulnerability, enhanced
monitoring systems, and implemented advanced threat
detection solutions. This incident underscored the need for
continuous evolution in cybersecurity measures, proactive
vulnerability management, and robust incident response
strategies. It highlighted the importance of advanced solutions
to counter sophisticated threats and emphasized the necessity
of employee training and awareness programs to reduce the
likelihood of successful attacks. The 2022 IBM data breach
serves as a stark reminder of the evolving nature of cyber
nature of this method also results in higher costs and longer
remediation times [9]. To address these challenges, automated
tools such as Ghauri have been developed. These tools can
efficiently scan and identify vulnerabilities like SQLi and
XSS by simulating attacks, offering a faster, more reliable,
and cost-effective alternative to traditional methods.
Automated tools not only enhance the accuracy and coverage
of vulnerability detection but also free up human resources to
focus on remediation and other critical security tasks [10].
V. AUTOMATED VULNERABILITY
DETECTION
In response to the evolving landscape of cybersecurity threats,
automated vulnerability detection tools have emerged as a
vital component in identifying and mitigating potential
vulnerabilities more efficiently and effectively than traditional
methods. These tools utilize advanced technologies, including
artificial intelligence and machine learning, to conduct
continuous monitoring, perform regular scans, and analyze
extensive data sets in real-time. This reduces the window of
opportunity for attackers, providing immediate insights and
responses to emerging threats. Unlike traditional methods that
rely heavily on manual processes and periodic assessments,
automated tools offer a higher degree of accuracy and
comprehensive coverage, enhancing the overall security
posture of organizations [11][12]. The shift towards
automation not only improves the speed and consistency of
vulnerability detection but also optimizes resource use,
thereby reducing long-term costs associated with
cybersecurity management.
VI. COMPARATIVE ANALYSIS
In Table.1, the comparision between the Traditional
Vulnerability Detection and Automated Vulnerability
Detection is depicted. The comparison is made based on
various parameters such as speed, accuracy etc.
Table.1 Comparative analysis
Criteria Traditional Vulnerability Automated
Detection Vulnerability Detection
Speed Slow, manual processes, Fast, continuous
periodic assessments monitoring, real-time
scans [11]
Accuracy Prone to human error, High accuracy,
incomplete assessments comprehensive coverage
[12]
Scalability Limited by manual Easily scalable, handles
resources large data volumes [12]

threats and the critical importance of maintaining robust Cost High due to labor-intensive Lower long-term costs,
cybersecurity practices.[5] processes efficient resource use [11]

IV. TRADITIONAL VULNERABILITY Response Delayed response to Immediate response, real-

Time emerging threats time mitigation [11]
DETECTION
Traditional vulnerability detection in web Human High, requires skilled Low, reduced need for
Resource personnel manual intervention [12]
applications, particularly against SQL injection (SQLi) and Dependency
cross-site scripting (XSS) attacks, often involves manual code
Coverage Limited, may miss subtle or Extensive, detects a wide
reviews and penetration testing. This process requires security complex threats range of vulnerabilities
experts to meticulously examine code for potential [11]
vulnerabilities and attempt to exploit them to identify Consistency Variable, dependent on Consistent, standardized
weaknesses [7]. While this approach can be thorough, it is individual expertise detection algorithms [12]
also time-consuming and heavily dependent on the skill and
experience of the security professional. One major challenge
is the potential for human error; even seasoned experts can
overlook subtle vulnerabilities in complex code bases,
whether they are related to SQLi or XSS [8]. Additionally,
manual testing is not scalable for large applications with
extensive code, leading to incomplete coverage and the
possibility of undetected vulnerabilities. The labor-intensive

Fig.2 Comparison of Traditional and Automated Vulnerability
Detection
As shown in Fig.2, Traditional vulnerability
detection is slow, manual, and error-prone, but offers
customization. Automated Vulnerability Detection is fast,
accurate, scalable, and cost-effective, but may require upfront
investment and may not be suitable for all needs.
Web applications have become essential to modern
digital life, providing a wide range of services from online
banking to social media interactions. However, this reliance
comes with significant security risks, particularly in the form
of SQL Injection (SQLi) and Cross-Site Scripting (XSS)
vulnerabilities. These vulnerabilities are among the most
critical threats to web application security, capable of causing
unauthorized data access, data breaches, and severe
operational disruptions. Traditional methods of vulnerability
detection, such as manual code reviews and penetration
testing, while thorough, are often time-consuming and prone
to human error. These methods are not scalable for large,
complex applications, leading to incomplete vulnerability
coverage and delayed threat mitigation. Ghauri, an advanced
automated tool, addresses these limitations by offering a faster,
more reliable, and comprehensive approach to detecting and
exploiting SQLi and XSS vulnerabilities. With features like
automated vulnerability scanning, advanced exploit
techniques, and a user-friendly interface, Ghauri significantly
enhances the efficiency and accuracy of web application
security assessments.
The 2022 IBM data breach case study underscores
the profound impact that security vulnerabilities can have on
an organization. This incident highlighted the need for
continuous evolution in cybersecurity practices, proactive
vulnerability management, and robust incident response
strategies. Ghauri’s ability to support various types of
injection payloads and its compatibility with multiple database
management systems make it a versatile tool in the fight
against web application vulnerabilities.
VII. INTRODUCTION TO GHAURI
Ghauri is an advanced automated tool designed for the
detection of SQL injection (SQLi) and cross-site scripting
(XSS) vulnerabilities. Developed to streamline the process of
identifying security flaws in web applications, Ghauri
integrates sophisticated techniques to enhance the accuracy
and efficiency of vulnerability scanning. The motivation
behind Ghauri's development stems from the increasing
prevalence and complexity of cyber-attacks targeting web
applications, which necessitates a robust and automated
solution for early detection and mitigation of these threats [13].
Key features of Ghauri include comprehensive scanning
capabilities, advanced exploit techniques, and a user-friendly
interface that allows security professionals to identify and
exploit vulnerabilities with minimal manual intervention. The
tool employs a variety of automated vulnerability scanning
methods to detect potential security issues, leveraging both
time-based and error-based SQLi detection mechanisms, as
well as various XSS detection techniques [14]. Ghauri's as
shown in fig.3, advanced exploit techniques enable users to
validate identified vulnerabilities and assess their potential
impact, providing a critical layer of security assessment for
web applications.
Fig.3. Ghauri
7.1. Features of Ghauri:
In this section, the various features of Ghauri is
discussed along with the fig.3.
1. Automated Vulnerability Scanning: Ghauri automates the
detection of SQLi and XSS vulnerabilities, reducing the need
for manual intervention.[15]
2. Advanced Exploit Techniques : The tool employs
sophisticated exploit methods to validate vulnerabilities and
assess their potential impact.[15]
3. Time-Based SQLi Detection: Utilizes time-based
techniques to identify SQL injection vulnerabilities by
analyzing response delays.[15]
4. Error-Based SQLi Detection: Detects SQL injections by
inducing and analyzing error messages generated by the
database.[15]
5. Comprehensive XSS Detection : Identifies various types of
cross-site scripting vulnerabilities through automated testing
and analysis.[15]
6. User-Friendly Interface: Provides an easy-to-use interface
that simplifies the process of scanning and exploiting
vulnerabilities.[15]
Fig.4. Features of Ghauri
7. Report Generation: Generates detailed reports on identified
vulnerabilities, including their severity and potential
impact.[15]
8. Customizable Scanning Options:Allows users to configure
scanning parameters and tailor the detection process to
specific requirements.[15]
9. Regular Updates: The tool is regularly updated to include
new detection techniques and address emerging security
threats.[15]
7.2. Installation and Setup:
7.2.1. Requirements:
 Python 3
 Python pip3
7.2.2. Download Ghauri: You can download the latest
version of Ghauri by cloning the GitHub repository.
Navigate to the Ghauri directory
Install Requirements
You can install Ghauri by running
After installation, you can verify that Ghauri is installed
correctly by running
VIII. WORKING AND EVALUATION OF
GHAURI
Ghauri supports various types of injection payloads,
including Boolean-based, error-based, time-based, and
stacked queries. It supports SQL injection for multiple
DBMSs such as MySQL, Microsoft SQL Server, Postgres,
Oracle, and Microsoft Access. Additionally, it offers injection
techniques for GET/POST requests, headers, cookies,
multipart form data, JSON, and SOAP/XML.
Ghauri also includes features like proxy support, request
parsing from text files, data extraction limits, session
resumption, URL encoding skips, character verification,
redirect handling, SQL shell access, fresh queries, hostname
extraction, and an update switch for the latest version.
8.1. Running Ghauri: To use Ghauri, run the following
command with the desired options
For Example
Ghauri's detailed output reports provide insights into
identified vulnerabilities and recommended remediation steps,
ensuring that users can effectively enhance their web
application's security [16].
8.2. Evaluation of Ghauri’s Effectiveness: Evaluating
Ghauri's effectiveness involves comparing its performance
with other popular SQL injection (SQLi) and cross-site
scripting (XSS) detection tools such as sqlmap, jsql, BBQSQL,
and NoSQLMap. These tools often rely heavily on manual
intervention, which can be time-consuming and prone to
human error. In contrast, Ghauri automates the detection
process, significantly increasing efficiency and accuracy [17].
Performance metrics such as detection rate, false positive rate,
and scanning speed are critical in assessing the effectiveness
of Ghauri compared to these other tools. Real-world testing
scenarios, including various web applications with known
vulnerabilities, demonstrate Ghauri's capability to identify and
exploit security flaws that other tools might miss. Additionally,
Ghauri's advanced features, such as its support for multiple
payload types and its ability to handle various database
management systems, enhance its detection and exploitation
capabilities. The tool's user-friendly interface and detailed
reporting further aid in the swift identification and
remediation of security issues. These factors collectively
highlight Ghauri's superior performance in enhancing web
application security [18].
Fig.5. Comparison of Various SQLi and XSS Tools
Here is the line graph comparing SQL injection tools (sqlmap,
BBQSQL, Ghauri, NoSQLMap, and jsql) based on the
percentage of vulnerabilities detected and the scanning speed:
 Vulnerabilities Detected (%): Ghauri detects the
highest percentage of vulnerabilities at 95%, followed by
sqlmap, jsql, BBQSQL, and NoSQLMap.
 Scanning Speed (Seconds): Ghauri completes scans
faster than sqlmap, jsql, and BBQSQL, but slower than
NoSQLMap.
IX. FUTURE ENHANCEMENTS
Future enhancements of Ghauri may include integrating
advanced fuzzing techniques, expanding vulnerability
coverage, and incorporating machine learning algorithms
which will improve the effectiveness of ghauri much higher
and result in easier web vulnerability detection
9.1 Integrating Advanced Fuzzing Techniques: To further
improve its detection capabilities, Ghauri plans to integrate
advanced fuzzing techniques. Fuzzing will enable the tool to
automatically generate a wide variety of input data to test for
vulnerabilities, thereby identifying edge cases that might be
missed by traditional methods [17].
9.2 Expanding Vulnerability Coverage: Another key
enhancement is the expansion of vulnerability coverage.
Ghauri aims to broaden its scope to include additional types of
security flaws beyond SQLi and XSS, such as remote code
execution and file inclusion vulnerabilities. This will make the
tool more comprehensive in identifying potential threats [18].
9.3 Enhanced Machine Learning Algorithms: Incorporating
machine learning algorithms can significantly enhance
Ghauri’s detection accuracy. By learning from previous scans
and adapting to new types of vulnerabilities, the tool can
provide more precise and efficient security assessments [17].
9.4 Improving User Interface and Experience: Future
updates will focus on improving the user interface and overall
user experience. A more intuitive and streamlined interface
will make it easier for users to configure scans, interpret
results, and take corrective actions [18].
X. ETHICAL CONSIDERATION
This paper is intended solely for academic
exploration and to deepen the understanding of hacking and
cyber security. All discussions and analyses are framed within
an ethical context, emphasizing the importance of integrity
and responsible conduct in this field. Any vulnerabilities or
security issues identified during research should be disclosed
responsibly. This means reporting findings to the appropriate
entities (such as software developers or system administrators)
to allow for the resolution of these issues before they are made
public. Responsible disclosure helps mitigate potential harm
and ensures that security gaps are addressed efficiently.
10.1 Legal and Ethical Implications of Using Automated
Tools:
The use of automated tools for hacking or security testing
must be done with a clear understanding of legal and ethical
guidelines. Unauthorized access to any systems, data, or
networks is strictly prohibited and is both illegal and unethical.
Researchers and practitioners must obtain the necessary
permissions before conducting any form of security testing
and must comply with all applicable laws and ethical
standards. By adhering to these ethical principles and
responsible practices, we can contribute to a safer and more
secure digital environment.
XI. CONCLUSION
In conclusion, the adoption of automated
vulnerability detection tools like Ghauri represents a
significant advancement in web application security. By
addressing the limitations of traditional methods and
providing a more efficient and accurate solution, Ghauri helps
organizations mitigate the risks associated with SQLi and
XSS vulnerabilities, thereby enhancing the overall security
and integrity of web applications.
[12] Baker, T., Stevens, K., & Kumar, R. (2021). Comparative
Analysis of Vulnerability Detection Methods. International
Journal of Cybersecurity, 12(3), 101-115.
[13] D. Serpanos, "Security and Privacy in Cyber-Physical
Systems," Synthesis Lectures on Information Security,
Privacy, & Trust, vol. 7, no. 1, pp. 1-119, 2015.
[14] W. G. Halfond, J. Viegas, and A. Orso, "A classification
of SQL-injection attacks and countermeasures," in
Proceedings of the IEEE International Symposium on Secure
Software Engineering, 2006.
[15] R. Gupta, Security Testing Handbook for Banking
Applications, Packt Publishing, 2016.
[16] J. Viega and G. McGraw, Building Secure Software:
How to Avoid Security Problems the Right Way, Addison-
Wesley, 2001.
[17] D. Stuttard and M. Pinto, The Web Application Hacker's
Handbook: Finding and Exploiting Security Flaws, 2nd ed.,
Wiley Publishing, 2011.
[18] https://github.com/r0oth3x49/ghauri

References
[1] McGraw, G. “Software Security: Building Security”, In.
Addison-Wesley Professional, 2006.
[2] Halfond, W. G., Viegas, J., & Orso, A., “A classification
of SQL-injection attacks and countermeasures”, Proceedings
of the IEEE International Symposium on Secure Software
Engineering, 2006.
[3] Rahman, M. M., & Gupta, B. B, “A Comprehensive
Survey on Cross-Site Scripting (XSS) Attacks”, In 2023 11th
International Conference on Software Security and Reliability
(ICSSR),pp. 121-127 .
DOI: https://dx.doi.org/10.2139/ssrn.3564967
[4] Verizon, “Data Breach Investigations Report”.
https://www.verizon.com/business/resources/reports/dbir/
[5] IBM Security. (2022). Cost of a Data Breach Report.
https://www.ibm.com/security/data-breach
[6] Ponemon Institute. (2021). The Impact of Data Breaches
on Reputation & Share Value.
https://www.centrify.com/resources/ponemon-impact-of-data-
breaches/
[7] McGraw, G. (2004). Software Security: Building Security
In. Addison-Wesley Professional.
[8] OWASP Foundation. (2020). OWASP Testing Guide.
https://owasp.org/www-project-
testing/OWASP_Testing_Guide_v4.pdf
[9] Viega, J., & McGraw, G. (2001). Building Secure
Software: How to Avoid Security Problems the Right Way.
Addison-Wesley Professional.

[10] Shah, M., & Rao, S. (2021). Automated Vulnerability

Scanners: A Comparative Study. Journal of Cybersecurity
Research, 3(1), 45-58.
[11] Singh, A., & Rajan, A. (2020). The Role of AI in
Cybersecurity. Journal of Information Security, 9(2), 45-58