| To: | "Yigit Aktan" <yigit@turkmcse.com> |
|---|---|
| Subject: | Re: Scanning for SQL Injection |
| From: | "rajat swarup" <rajats@gmail.com> |
| Date: | Thu, 28 Jun 2007 21:27:02 -0400 |
| Cc: | pen-test@securityfocus.com |

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On Behalf Of Ron Johnson - Adhost
Sent: Thursday, June 28, 2007 11:07 PM
To: pen-test@securityfocus.com
Cc: listbounce@securityfocus.com
Subject: Scanning for SQL Injection

Hi. I need to scan about 350+ sites from three different web servers that all connect to one MS SQL server for SQL injection. Any ideas on how to make this not take a long long time? I like the Priamos tool but you can only scan one site at a time, and you can't load a list of any sort, etc.

Any input is appreciated.

Hi,

Paros spider + scanner should be able to do stuff without much intervention. However, Paros will need a starting seed URL list. I'd suggest writing up a script in curl that loops through all the sites using Paros as a local proxy. This would give the seeds to Paros. Once that is done, spider all URLs and then scan them.

HTH,
Rajat Swarup.
http://rajatswarup.blogspot.com/
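
The seeding step suggested in the reply, as an added example that is not part of the original message: a shell loop that requests each site once through the local proxy so every host shows up in Paros as a starting point for the spider. It assumes Paros is listening on 127.0.0.1:8080 and that the site list (the hypothetical `sites.txt`) holds one hostname or URL per line; the function names are illustrative.

```shell
#!/bin/sh
# Added example: seed Paros with one request per site so the spider has start URLs.
PROXY="${PROXY:-http://127.0.0.1:8080}"  # assumption: address of the local Paros proxy
CURL="${CURL:-curl}"                     # replaceable for a dry run or a test

# Turn one line of the site list into a seed URL.
# Returns 1 (prints nothing) for blank lines and '#' comments.
normalize_seed() {
    line=$(printf '%s' "$1" | tr -d '\r' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    case "$line" in
        ''|'#'*)            return 1 ;;
        http://*|https://*) printf '%s\n' "$line" ;;
        *)                  printf 'http://%s/\n' "$line" ;;
    esac
}

# Fetch every site in the list through the proxy, print "<status> <url>" per site
# and a final "seeded=N failed=M" summary line.
seed_proxy() {
    list=$1; seeded=0; failed=0
    while IFS= read -r raw || [ -n "$raw" ]; do
        url=$(normalize_seed "$raw") || continue
        # -k: the proxy re-signs TLS with its own certificate; --max-time keeps
        # one dead site from stalling the run.
        if code=$("$CURL" -s -k -o /dev/null -x "$PROXY" --max-time 15 \
                          -w '%{http_code}' "$url"); then
            seeded=$((seeded + 1)); echo "$code $url"
        else
            failed=$((failed + 1)); echo "ERR $url" >&2
        fi
    done < "$list"
    echo "seeded=$seeded failed=$failed"
}

# Usage: sh seed.sh sites.txt   (sites.txt is a hypothetical file name)
if [ "$#" -gt 0 ]; then seed_proxy "$1"; fi
```

Sites reported as `ERR` never reached the proxy and will be missing from the spider's site tree, so recheck them before treating the scan as complete.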