From: rajat swarup (rajats@gmail.com)
Date: Thu Jun 28 2007 - 21:27:02 EDT
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com] On
> Behalf Of Ron Johnson - Adhost
> Sent: Thursday, June 28, 2007 11:07 PM
> To: pen-test@securityfocus.com
> Cc: listbounce@securityfocus.com
> Subject: Scanning for SQL Injection
>
> Hi. I need to scan about 350+ sites from three different web servers that
> all connect to one MS SQL server for SQL injection. Any ideas on how to make
> this not take a long long time?
>
> I like the Priamos tool but you can only scan one site at a time, and you
> can't load a list of any sort, etc.
>
> Any input is appreciated
Hi,
Paros spider + scanner should be able to do stuff without much
intervention. However, Paros will need a starting seed URL list. I'd
suggest writing up a script in curl that loops through all the sites
using Paros as a local proxy. This would give the seeds to Paros.
Once that is done, spider all URLs and then scan them.
HTH,
Rajat Swarup.
http://rajatswarup.blogspot.com/
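
The seeding step described in the reply above, as an added example that is not part of the original message: it reads a list of in-scope sites, normalizes it into seed URLs, and requests each one through the local proxy in parallel. The proxy address `127.0.0.1:8080`, the list file format (one site per line) and the names `normalize_seeds` and `seed_all` are assumptions.

```shell
#!/usr/bin/env bash
# Added example: populate an intercepting proxy's site tree from a site list.
# Assumptions (not from the original post): the proxy listens on 127.0.0.1:8080
# and the list file holds one authorized, in-scope site per line.

PROXY="${PROXY:-http://127.0.0.1:8080}"  # assumed local proxy listener
JOBS="${JOBS:-8}"                        # number of parallel requests

# normalize_seeds: read a site list on stdin, print unique seed URLs.
# Drops blank lines, '#' comments, lines with embedded whitespace and
# non-HTTP schemes; strips CRs and padding; adds http:// to bare hosts.
normalize_seeds() {
  tr -d '\r' | awk '
    { gsub(/^[ \t]+|[ \t]+$/, "") }
    $0 == "" || /^#/ || NF != 1 { next }
    {
      u = $0
      if (u !~ /^[A-Za-z][A-Za-z0-9+.-]*:\/\//) u = "http://" u
      if (u !~ /^https?:\/\/[A-Za-z0-9.-]+(:[0-9]+)?(\/.*)?$/) next
      if (!seen[u]++) print u
    }'
}

# seed_all FILE: fetch every seed once through the proxy so it records the
# site, and print "<status>\t<url>" per seed (000 means the request failed).
# -k is needed because an intercepting proxy re-signs TLS with its own cert.
seed_all() {
  normalize_seeds < "$1" |
    xargs -P "$JOBS" -n 1 \
      curl -s -k -o /dev/null -m 15 -x "$PROXY" \
           -w '%{http_code}\t%{url_effective}\n'
}

# Run only when a list file is given, e.g.: ./seed.sh sites.txt
if [ "$#" -ge 1 ]; then
  seed_all "$1"
fi
```

Seeds reported with status 000 did not reach the proxy or the site and are worth rechecking before the spider run, since they will be missing from the site tree.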
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:55 EDT