HP Web Security Research Group in coordination with the MSRC developed Scrawlr, a Tool that crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.
This tool has some limitations:
Scrawlr - Tool for finding SQL Injection — PenTestIT
This tool has some limitations:
- Will only crawls up to 1500 pages
- Does not support sites requiring authentication
- Does not perform Blind SQL injection
- Cannot retrieve database contents
- Does not support JavaScript or flash parsing
- Will not test forms for SQL Injection (POST Parameters)
Source: http://www.hacktoolrepository.com/tool/122/Scrawlr (the download URL is wrong, use https://h30406.www3.hp.com/campaigns/2008/wwcampaign/1-57C4K/index.php)
Scrawlr - Tool for finding SQL Injection — PenTestIT
0 commenti:
Post a Comment