[snoj]

It's a pretty neat tool. So far I've used it on a couple of my projects and it hasn't found any injection points!

The best part is, there should be no 1500 page limit!

https://download.spi...oducts/scrawlr/

[Admin Edit: Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. ]

[skyhawk133]

I'm actually working on a presentation on XSS and SQL Injection and came across Scrawlr and ran it on a bunch of sites. Didn't find any vulnerabilities though. Kind of disappointing actually. I wanted to see it work.

I crawled 36,000 pages on DIC... so yeh, the 1,500 limit is non-existent.

[joeyadms]

Theres a couple of really great tools out there.

I used to be primarily a security auditor, and have used BeEF a lot.

Exploit-Me is also a neat firefox plugin for SQL/XSS tests.

[PsychoCoder]

Thank you guys so much for this tool. I crawled the web application that I am currently rewriting (the beta version that is up is in classic ASP, we're rewriting it in ASP.NET w/C#) and it found some issues. I've been telling the owner that the current architecture is a SQL Injection waiting to happen and no one would listen, now I have the proof. Thanks!

PS: Those who know what the site is please don't be messing around lol, I'm trying to fix it lol

[ZachR]

This is a great tool, thanks for the post. There are a few draw backs though, but its great for finding basic vulnerabilities that could one day bring your site down.