Penetration Testing mailing list archives
Re: Scanning for SQL Injection
From: "rajat swarup" <rajats () gmail com>
Date: Thu, 28 Jun 2007 21:27:02 -0400
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ron Johnson - Adhost
Sent: Thursday, June 28, 2007 11:07 PM
To: pen-test () securityfocus com
Cc: listbounce () securityfocus com
Subject: Scanning for SQL Injection

Hi.

I need to scan about 350+ sites from three different web servers that all connect to one MS SQL server for SQL injection. Any ideas on how to make this not take a long long time? I like the Priamos tool but you can only scan one site at a time, and you can't load a list of any sort, etc.

Any input is appreciated

Hi,

Paros spider + scanner should be able to do stuff without much intervention. However, Paros will need a starting seed URL list. I'd suggest writing up a script in curl that loops through all the sites using Paros as a local proxy. This would give the seeds to Paros. Once that is done, spider all URLs and then scan them.

HTH,
Rajat Swarup.
http://rajatswarup.blogspot.com/
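
The curl loop suggested in the reply above, as an added example that is not part of the original post. The proxy address (127.0.0.1:8080), the one-host-per-line targets file and all function names are assumptions; the sample hosts are constructed.

```bash
#!/usr/bin/env bash
# Added example: seed a local intercepting proxy with one request per site.
# PROXY and the targets-file format are assumptions, not from the post.
PROXY="${PROXY:-http://127.0.0.1:8080}"

# Constructed sample list (hypothetical hosts under example.com).
sample_targets() {
    printf '%s\n' '# web01' 'site1.example.com' 'http://site1.example.com/' \
        '' 'https://Shop.example.com  ' 'site2.example.com/ # staging'
}

# Turn a raw list into unique base URLs: drops CRs, comments and blank
# lines, adds http:// when no scheme is given, trims trailing slashes,
# and skips lines that still contain whitespace (malformed entries).
normalize_targets() {
    tr -d '\r' < "$1" |
    sed -e 's/#.*$//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    awk 'NF == 1 {
        u = $0
        if (u !~ /^https?:\/\//) u = "http://" u
        sub(/\/+$/, "", u)
        if (!seen[tolower(u)]++) print u
    }'
}

# Request each base URL once through the proxy so the site shows up in the
# proxy's site tree. Prints "status url"; 000 means no HTTP response.
# -k is used because an intercepting proxy re-signs TLS with its own cert.
seed_proxy() {
    normalize_targets "$1" | while IFS= read -r url; do
        code=$(curl -s -k -o /dev/null -w '%{http_code}' \
            --proxy "$PROXY" --max-time 15 "$url/") || code=000
        printf '%s %s\n' "$code" "$url"
    done
}

# Usage: ./seed.sh targets.txt   (does nothing when no file is given)
if [ "$#" -ge 1 ]; then
    seed_proxy "$1"
fi
```

Keeping the targets file limited to the sites in the engagement scope means the proxy's site tree, and therefore the later spider and scan, only ever contains those hosts.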