Ghauri has blind XOR payloads that SQLMap doesn't have. SQLMap is easily blocked by WAF, but Ghauri bypasses it easily. If Ghauri adds some tamper like SQLMap, it will become the top tool for SQL injection.
For more insights, check out the original tweet here: And don’t forget to follow @coffinxp7 for more exciting updates in the world of cybersecurity.