Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Scanning for SQL Injection
From: "rajat swarup" <rajats () gmail com>
Date: Thu, 28 Jun 2007 21:27:02 -0400

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Ron Johnson - Adhost
Sent: Thursday, June 28, 2007 11:07 PM
To: pen-test () securityfocus com
Cc: listbounce () securityfocus com
Subject: Scanning for SQL Injection

Hi. I need to scan about 350+ sites from three different web servers that
all connect to one MS SQL server for SQL injection. Any ideas on how to make
this not take a long long time?

I like the Priamos tool but you can only scan one site at a time, and you
can't load a list of any sort, etc.

Any input is appreciated

Paros spider + scanner should be able to do stuff without much
intervention.  However, Paros will need a starting seed URL list.  I'd
suggest write up a script in curl that loops through all the sites
using paros as a local proxy.  This would give the seeds to Paros.
Once that is done, spider all URLs and then scan them.

Rajat Swarup.


This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]