Scrawlr: Crawls your website for SQL Injection

By aj | Comments (0) | Trackbacks (0)

Scrawlr, short for SQL Injector and Crawler will crawl your website and will analyze the parameters of each individual pages for SQL injection vulnerabilities. Very useful tool for small to medium sized websites. Free for the first 1,500 pages.

From HPs website:

Technical details for Scrawlr

Identify Verbose SQL Injection vulnerabilities in URL parameters

Can be configured to use a Proxy to access the web site

Will identify the type of SQL server in use

Will extract table names (verbose only) to guarantee no false positives

Scrawlr does have some limitations versus our professional solutions and our fully functional SQL Injector tool

Will only crawls up to 1500 pages

Does not support sites requiring authentication

Does not perform Blind SQL injection

Cannot retrieve database contents

Does not support JavaScript or flash parsing

Will not test forms for SQL Injection (POST Parameters)

It’s worth trying out.

–aj

Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically each day to your feed reader.

Tags: database, injection, MySQL, parameters, sql, web applications
Topics: Articles, Beginner, Intermediate, Software Review

No comments yet.

Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Scrawlr: Crawls your website for SQL Injection

Leave a comment

Subscribe via RSS

Recent Comments

Recent Posts

Categories

Blogroll

Spam Blocked

Meta

Archives

Pages