Scrawlr – Scanner for SQL Injection - Tool Windows
Posted on Wednesday, March 14, 2012 by Tenderfoot
Scrawlr–Scanner - SQL Injection
Scrawlr is short for SQL Injector and Crawler, a tool developed by the HP Web Security Research Group in coordination with the Microsoft Security Response Center in response to the widespread SQL injection attacks on the web.
“Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names. There is no denying you have SQL Injection when I can show you table names!”
Key Features of Scrawlr include:
Identify Verbose SQL Injection vulnerabilities in URL parameters
Can be configured to use a Proxy to access the web site
Will identify the type of SQL server in use
Will extract table names (verbose only) to guarantee no false positives
Scrawlr which is a free tool has a few limitations which are it’s crawl only upto 1500 pages, doesn’t support Blind SQL injection and will not test for Post parameters for SQL injection. Overall even with these limitations, it’s still a useful tool to check your sites to see if you’re safe from SQL injections.
Subscribe to:
Post Comments (Atom)
1 Response to "Scrawlr – Scanner for SQL Injection - Tool Windows"
vibratör
Leave A Reply