Tool for finding SQL Injection (1) - Scrawlr

HP Web Security Research Group in coordination with the MSRC developed Scrawlr, a Tool  that crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

This tool has some limitations:
  • Will only crawls up to 1500 pages
  • Does not support sites requiring authentication
  • Does not perform Blind SQL injection
  • Cannot retrieve database contents
  • Does not support JavaScript or flash parsing
  • Will not test forms for SQL Injection (POST Parameters)

Scrawlr - Tool for finding SQL Injection — PenTestIT
Share on Google Plus

About Vittorio Pavesi

    Blogger Comment
    Facebook Comment

0 commenti: