Home / Forums Index / WebmasterWorld / Webmaster General

Webmaster General Forum

Vulnerability scanners to see if my site is hackable?

5+ Year Member

Msg#: 4094368 posted 11:06 pm on Mar 9, 2010 (gmt 0)

Is there anything out there similar to Xenu Link Sleuth, but only it will scan my site for SQL injection vulnerabilities and other attacks?

So far the only programs I came across were pay-only, which is fine; but I want to see the program uninhibited before I drop money on it.

The best one I found so far was Acunetix Web Security Scanner -- but they don't allow me to test for SQL injections unless I have the pay version.



5+ Year Member

Msg#: 4094368 posted 4:40 am on Mar 12, 2010 (gmt 0)

Have you tried Scrawlr? It is developed by HP Web Security Research Group in coordination with Microsoft Security Response Center and that's what its job is: it crawls a website and searches for SQL injection vulnerabilities.


WebmasterWorld Senior Member 5+ Year Member

Msg#: 4094368 posted 4:30 am on Mar 14, 2010 (gmt 0)

SQL injection sounds scary but it doesn't have to be scary. Take a look at your site, find all of the places that allow user input like search boxes and account logins, and see if you can type code into the box. See if you can type base64 encoded commands etc. Test those areas yourself to see if the url changes, an error code is returned or something other than an error page is returned.

If I type in GOGOGOGO into your forum login box for example and press enter... I shouldn't then see example.com/forums/GOGOGOGO as the url.

There's not much an automated SQL injection test will catch that you can't on your own once you know what to look for; ultimately you want to be able to watch your own back, so to speak.

I know of two really good scanners but I think it's against TOS to post recommendations here.
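
Added example, not part of the original thread: the manual check described in the post above, run against a local in-memory SQLite login handler, with the string-concatenated query beside its parameterized form. The table, function names and probe values are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: one user in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db


def login_concatenated(db, name, password):
    # Weak form: the typed text becomes part of the SQL statement itself.
    sql = ("SELECT COUNT(*) FROM users "
           "WHERE name = '%s' AND password = '%s'" % (name, password))
    return db.execute(sql).fetchone()[0] == 1


def login_parameterized(db, name, password):
    # Corrected form: the typed text is bound as data, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] == 1


def probe(handler, db, value):
    # Submit one value as the user name and classify what comes back,
    # the same observation a tester makes by typing into the login box.
    try:
        ok = handler(db, value, "x")
    except sqlite3.Error:
        return "database error"  # the page would surface an error code
    return "logged in" if ok else "login rejected"


# An ordinary word, and an ordinary surname that contains an apostrophe.
PROBES = ["GOGOGOGO", "O'Brien"]


def run():
    db = make_db()
    return {h.__name__: [probe(h, db, v) for v in PROBES]
            for h in (login_concatenated, login_parameterized)}


if __name__ == "__main__":
    for name, outcome in run().items():
        print(name, outcome)
```

A database error on input that a legitimate user could type is the signal that the handler builds its query from raw input; the parameterized handler rejects both logins cleanly.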


5+ Year Member

Msg#: 4094368 posted 6:20 am on Mar 14, 2010 (gmt 0)

Yep, tried out Scrawlr and found no threats. I would like something that functions with more details and/or also does other threats.
I do try to test my own scripts myself, but you can never be too safe nowadays.

A pay program is not a problem, but I at least want 1 unlimited free trial to get a feel if it's what I'm looking for, or not.

JS_Harris, would it be possible to sticky me a link?
