Scrawlr – Tool for finding SQL Injection

by Black on October 28, 2009 · 0 comments

in Penetration Testing, Security Reconnaissance, Security tools, Windows

Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr crawls a website while simultaneously analyzing the parameters of each individual web page for SQL injection vulnerabilities. It is lightning fast and uses HP's intelligent engine technology to craft SQL injection attacks dynamically, on the fly. It can even provide proof-positive results by displaying the type of backend database in use and a list of available table names.

[Image: Scrawlr]

Features of Scrawlr

- Identify Verbose SQL Injection vulnerabilities in URL parameters
- Can be configured to use a Proxy to access the web site
- Will identify the type of SQL server in use
- Will extract table names (verbose only) to guarantee no false positives

There is also a list of limitations:

- Will only crawl up to 1500 pages
- Does not support sites requiring authentication
- Does not perform Blind SQL injection
- Cannot retrieve database contents
- Does not support JavaScript or Flash parsing
- Will not test forms for SQL Injection (POST Parameters)
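As an added defender-side example (not part of the original post and not Scrawlr's own code): the signal behind a "verbose" finding, and the reason blind injection is out of scope, is a database error message echoed back in the HTTP response. The check below scans captured responses from your own application for such leaks and names the engine from the message, much as the feature list says Scrawlr identifies the SQL server in use; the signature table and the sample responses are constructed assumptions of this example.

```python
import re
# Constructed signature table (an assumption of this example, not Scrawlr's own):
# substrings that common engines emit in verbose error output, which is the
# kind of leak a "verbose" SQL injection finding rests on.
DB_ERROR_SIGNATURES = {
    "MySQL": [r"You have an error in your SQL syntax",
              r"supplied argument is not a valid MySQL"],
    "Microsoft SQL Server": [r"Unclosed quotation mark after the character string",
                             r"Microsoft OLE DB Provider for SQL Server"],
    "Oracle": [r"\bORA-\d{5}\b"],
    "PostgreSQL": [r"ERROR:\s+syntax error at or near", r"pg_(?:query|exec)\(\)"],
}
COMPILED = [(db, re.compile(p, re.IGNORECASE))
            for db, pats in DB_ERROR_SIGNATURES.items() for p in pats]

def classify_db_error(body):
    """Return (engine, matched_text) if the response body leaks a verbose
    database error, otherwise None. The first matching signature wins."""
    for db, pat in COMPILED:
        m = pat.search(body)
        if m:
            return db, m.group(0)
    return None

def find_leaky_responses(responses):
    """responses: iterable of (url, body) pairs. Returns a list of
    (url, engine, matched_text) for every body that leaks a DB error."""
    findings = []
    for url, body in responses:
        hit = classify_db_error(body)
        if hit:
            findings.append((url, hit[0], hit[1]))
    return findings

# Constructed sample responses, as a proxy or test harness might capture them.
SAMPLE_RESPONSES = [
    ("http://app.example/item?id=5", "<html><body>Widget 5</body></html>"),
    ("http://app.example/item?id=6",
     "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result"),
    ("http://app.example/report?year=2009",
     "Microsoft OLE DB Provider for SQL Server error '80040e14' "
     "Unclosed quotation mark after the character string '2009'."),
    ("http://app.example/doc?ref=7",
     "java.sql.SQLException: ORA-01756: quoted string not properly terminated"),
]

if __name__ == "__main__":
    for url, db, evidence in find_leaky_responses(SAMPLE_RESPONSES):
        print(f"{url}: verbose {db} error leaked ({evidence!r})")
```

A response that carries no such string is reported as clean, which is exactly the case Scrawlr cannot test, so a clean result here says nothing about blind injection.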

This is not a professional penetration testing or vulnerability scanning tool, but a small tool for performing a quick scan before exploiting any known vulnerability. HP also offers a commercial tool if you want to perform intensive application vulnerability scanning.

Operating systems supported

Windows 2000 SP4 and above
Not tested on Windows 7

Download Scrawlr Here

You need to fill in a small form.
