4 Replies - 3057 Views - Last Post: 27 June 2008 - 04:31 PM

#1 snoj

Scrawlr - Finds SQL Injection Vulnerabilities

Posted 27 June 2008 - 06:46 AM

It's a pretty neat tool. So far I've used it on a couple of my projects and it hasn't found any injection points!

The best part is, there should be no 1500 page limit!

https://download.spi...oducts/scrawlr/

[Admin Edit: Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.]


Replies To: Scrawlr - Finds SQL Injection Vulnerabilities

#2 skyhawk133

Re: Scrawlr - Finds SQL Injection Vulnerabilities

Posted 27 June 2008 - 06:52 AM

I'm actually working on a presentation on XSS and SQL Injection and came across Scrawlr and ran it on a bunch of sites. Didn't find any vulnerabilities though. Kind of disappointing actually. I wanted to see it work.

I crawled 36,000 pages on DIC... so yeah, the 1,500 limit is non-existent.

#3 joeyadms

Re: Scrawlr - Finds SQL Injection Vulnerabilities

Posted 27 June 2008 - 07:18 AM

There's a couple of really great tools out there.

I used to be primarily a security auditor, and have used BeEF a lot.

Exploit-Me is also a neat Firefox plugin for SQL/XSS tests.

#4 PsychoCoder

Re: Scrawlr - Finds SQL Injection Vulnerabilities

Posted 27 June 2008 - 07:24 AM

Thank you guys so much for this tool. I crawled the web application that I am currently rewriting (the beta version that is up is in classic ASP, we're rewriting it in ASP.NET w/C#) and it found some issues. I've been telling the owner that the current architecture is a SQL Injection waiting to happen and no one would listen; now I have the proof. Thanks!

PS: Those who know what the site is please don't be messing around lol, I'm trying to fix it lol

#5 ZachR

Re: Scrawlr - Finds SQL Injection Vulnerabilities

Posted 27 June 2008 - 04:31 PM

This is a great tool, thanks for the post. There are a few drawbacks though, but it's great for finding basic vulnerabilities that could one day bring your site down. :P