Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, free tools, SQL Injection
I ran across a mention of this tool in a SANS newsbite.
The latest version of Scrawlr requires information to download.
Scrawlr, developed by the HP Web Security Research Group in coordination with the MSRC, is short for SQL Injector and Crawler. Scrawlr will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities. Scrawlr is lightning fast and uses our intelligent engine technology to dynamically craft SQL Injection attacks on the fly. It can even provide proof positive results by displaying the type of backend database in use and a list of available table names.
You can also access the 1.0 version at Softpedia if you are reluctant to give HP more marketing fodder. Softpedia does check its offered downloads for malware, which I always appreciate.
Given that SQL injection is the most common form of data breach, it might be worthwhile to try it, if your website has fewer than 1500 pages.