Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Scanning for SQL Injection

from [rajat swarup] Network Security [Permanent Link]
Subject: Re: Scanning for SQL Injection
Date: Thu, 28 Jun 2007 21:27:02 -0400 
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
Behalf Of Ron Johnson - Adhost
Sent: Thursday, June 28, 2007 11:07 PM
To: pen-test@securityfocus.com
Cc: listbounce@securityfocus.com
Subject: Scanning for SQL Injection

Hi. I need to scan about 350+ sites from three different web servers that
all connect to one MS SQL server for SQL injection. Any ideas on how to make
this not take a long long time?

I like the Priamos tool but you can only scan one site at a time, and you
can't load a list of any sort, etc.

Any input is appreciated 

Hi,
Paros spider + scanner should be able to do stuff without much
intervention.  However, Paros will need a starting seed URL list.  I'd
suggest write up a script in curl that loops through all the sites
using paros as a local proxy.  This would give the seeds to Paros.
Once that is done, spider all URLs and then scan them.

HTH,
Rajat Swarup.

http://rajatswarup.blogspot.com/

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/wf-spi
------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Scanning for SQL Injection, Yigit Aktan
Next by Date:  RE: Hardware/software secureIDs - pros and cons., David M. Zendzian
Previous by Thread:  RE: Scanning for SQL Injection, Yigit Aktan
Next by Thread:  solaris root-setuid script to gain root?, Vitalik N.
Indexes:  [Date] [Thread] [Top] [All Lists]