I am looking for a good server-side SQL injection / XPath injection
scanner. I was using
Paros but need to test the whole web portal, so I need an automated tool to
find SQL injection vulnerabilities.
Yes, I have Googled for it, but I want your opinions. What is the best
free scanner out there for automagically finding SQL injection
vulnerabilities? Both remote over the net, and by scanning the code.
Thanks & Regards,
cons0ul
If you want to thoroughly check for all possible SQL injection attack vectors, then use the fuzzer in WebScarab or the repeater in Burp Suite and feed in all possible attack vectors. You will find a number of cheat sheets for SQL injection on the Internet.
As far as finding SQL injections by analyzing the code is concerned, you should know the basics of programming and SQL injection to conclude the presence of an injection. Or you can probably run your code through some free source code analysis tool.
Paros is just basic; start using Burp Suite or WebScarab for more options.
Hope this helps.
Cheers
TAS
> --
> null - Spreading the right Information
> null Mailing list charter: http://null.co.in/section/about/null_list_charter/
For remote over the net: sqlmap
--
warm regards,
Akash Mahajan
--------------------------------------------------
Web/Network Security Consultant
--------------------------------------------------
akashm.com | @makash on twitter