Crawling + SQL injection with Scrawlr

Scrawlr is the latest tool to come out of HP’s Web Security Research Group. It was built in response to the massive number of SQL injection attacks happening on the web this year. Most of these vulnerable sites are found through googling, so Scrawlr works the same way. Point it at your web server and it will crawl all of the pages and evaluate the URL parameters to see if they’re vulnerable to verbose injection. It reports the SQL server and table names if it comes across anything.

It only supports 1500 pages right now and can’t do authentication or blind injection. It’s still a free tool and a great way to identify whether your site is vulnerable to the automated tools that find websites via search engines.
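The "verbose injection" Scrawlr looks for is the case where a URL parameter is concatenated straight into a query and the raw database error is echoed back to the client. The following is an added illustration, not Scrawlr's code or anything from the original post: a vulnerable handler beside a hardened one, both built on an in-memory SQLite table constructed for the example (the `products` table and the `id` parameter are assumptions).

```python
import sqlite3
from urllib.parse import parse_qs


def make_db():
    """Constructed sample database standing in for the site's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [(1, "widget"), (2, "gadget")])
    return conn


def vulnerable_lookup(conn, query_string):
    """Concatenates the raw 'id' parameter into SQL and returns the
    database's own error text to the client: exactly the verbose
    injection a crawler like Scrawlr flags."""
    pid = parse_qs(query_string).get("id", [""])[0]
    try:
        row = conn.execute("SELECT name FROM products WHERE id = " + pid).fetchone()
        return 200, row[0] if row else "not found"
    except sqlite3.Error as err:
        return 500, str(err)  # leaks parser/schema details to the client


def hardened_lookup(conn, query_string):
    """Validates the parameter, binds it with a placeholder, and never
    surfaces the raw database error to the client."""
    pid = parse_qs(query_string).get("id", [""])[0]
    if not pid.isdigit():
        return 400, "bad request"
    try:
        row = conn.execute("SELECT name FROM products WHERE id = ?",
                           (int(pid),)).fetchone()
        return 200, row[0] if row else "not found"
    except sqlite3.Error:
        return 500, "internal error"  # log the detail server-side instead


if __name__ == "__main__":
    db = make_db()
    # A single stray quote in the parameter is enough to trigger the
    # verbose error path in the vulnerable handler.
    print(vulnerable_lookup(db, "id=1'"))
    print(hardened_lookup(db, "id=1'"))
```

Scanning your own logs or responses for the difference between these two behaviours (a 500 carrying database error text versus a generic message) is the same signal the tool keys on.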

[via Acidus]

Comments

  1. miked says:

    i do not approve of this post.

  2. This tool has severe limitations on the volume of the tests it can perform, and worse yet doesn’t even support authentication, making it useless for any real world use.

    It does have a dialog encouraging you to buy some nifty tool with no limitations. It’s a promotional gimmick, nothing else. Shame on hackaday for helping publicize it.

  3. Acidus says:

    this paulo albuquerque has severe limitations on the amount of information he can comprehend before making public and ill-informed opinions, and worse yet he doesn’t even read the FAQ and other material about the tool which explain that it is designed to find and audit pages exactly like the massive attack tool (http://isc.sans.org/diary.html?storyid=4294)

    he does have the ability to write blog comments encouraging you to listen to his moronic opinions. it’s a promotional gimmick, nothing else. shame on hackaday for helping to publicize his ignorance.
