PHP User-Group Philippines » web applications http://www.phpugph.com/blog Wed, 23 Dec 2009 04:00:10 +0000 http://wordpress.org/?v=2.8.6 en hourly 1 Scrawlr: Crawls your website for SQL Injection http://www.phpugph.com/blog/2008/07/03/scrawlr-crawls-your-website-for-sql-injection/ http://www.phpugph.com/blog/2008/07/03/scrawlr-crawls-your-website-for-sql-injection/#comments Thu, 03 Jul 2008 03:16:34 +0000 aj http://www.phpugph.com/blog/?p=43

Scrawlr, short for SQL Injector and Crawler will crawl your website and will analyze the parameters of each individual pages for SQL injection vulnerabilities. Very useful tool for small to medium sized websites. Free for the first 1,500 pages.

From HPs website:

Technical details for Scrawlr

  • Identify Verbose SQL Injection vulnerabilities in URL parameters
  • Can be configured to use a Proxy to access the web site
  • Will identify the type of SQL server in use
  • Will extract table names (verbose only) to guarantee no false positives

Scrawlr does have some limitations versus our professional solutions and our fully functional SQL Injector tool

  • Will only crawls up to 1500 pages
  • Does not support sites requiring authentication
  • Does not perform Blind SQL injection
  • Cannot retrieve database contents
  • Does not support JavaScript or flash parsing
  • Will not test forms for SQL Injection (POST Parameters)

It’s worth trying out.

–aj

]]> http://www.phpugph.com/blog/2008/07/03/scrawlr-crawls-your-website-for-sql-injection/feed/ 0