Vulnerability scanners to see if my site is hackable?

11:06 pm on Mar 9, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 2, 2005
votes: 0

Is there anything out there similar to Xenu Link Sleuth, but only it will scan my site for SQL injection vulnerabilities and other attacks?

So far the only programs I came across were pay-only, which is fine; but I want to see the program uninhibited before I drop money on it.

The best one I found so far was Acunetix Web Security Scanner -- but they don't allow me to test for SQL injections unless I have the pay version.

4:40 am on Mar 12, 2010 (gmt 0)

New User

5+ Year Member

joined:Feb 25, 2010
votes: 0

Have you tried Scrawlr? It is developed by HP Web Security Research Group in coordination with Microsoft Security Response Center and that's what its job is: it crawls a website and searches for SQL injection vulnerabilities.

4:30 am on Mar 14, 2010 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 29, 2007
votes: 179

SQL injection sounds scary but it doesn't have to be scary. Take a look at your site, find all of the places that allow user input like search boxes and account logins, and see if you can type code into the box. See if you can type base64 encoded commands etc. Test those areas yourself to see if the url changes, an error code is returned or something other than an error page is returned.

If I type in GOGOGOGO into your forum login box for example and press enter... I shouldn't then see example.com/forums/GOGOGOGO as the url.

There's not much an automated SQL injection test will catch that you can't on your own once you know what to look for; ultimately you want to be able to watch your own back, so to speak.

I know of two really good scanners but I think it's against TOS to post recommendations here.
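
The first step described in the post above, finding every place on your own site that accepts user input, can be scripted. The following is an added example, not part of the original thread: it parses a page's HTML and lists each form with the named fields it submits, so every field can be reviewed for how it reaches a SQL query. The sample HTML, the `FormInventory` class and the `inventory` function are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample page (not taken from any real site).
SAMPLE_HTML = """
<html><body>
<form action="/search" method="get">
  <input type="text" name="q">
  <input type="submit" value="Go">
</form>
<form action="/forums/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="hidden" name="return_to" value="/forums/">
  <select name="lang"><option>en</option></select>
  <textarea name="note"></textarea>
</form>
</body></html>
"""

# Control types that carry no user-supplied value worth reviewing.
SKIP_TYPES = {"submit", "button", "reset", "image"}

class FormInventory(HTMLParser):
    """Collect every form and the named fields it sends to the server."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None  # form being parsed, or None outside a form

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action", ""),
                             "method": (a.get("method") or "get").lower(),
                             "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            ftype = (a.get("type") or ("text" if tag == "input" else tag)).lower()
            # Hidden fields are kept: the client can change them too.
            if a.get("name") and ftype not in SKIP_TYPES:
                self._current["fields"].append((a["name"], ftype))

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def inventory(html):
    parser = FormInventory()
    parser.feed(html)
    return parser.forms
```

Each `(name, type)` pair in the result is a value the server receives from the browser and should only ever reach the database through a parameterized query.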

6:20 am on Mar 14, 2010 (gmt 0)

Preferred Member

10+ Year Member

joined:Nov 2, 2005
votes: 0

Yep, tried out Scrawlr and found no threats. I would like something that functions with more details and/or also does other threats.
I do try to test my own scripts myself, but you can never be too safe nowadays.

A pay program is not a problem, but I at least want 1 unlimited free trial to get a feel if it's what I'm looking for, or not.

JS_Harris, would it be possible to sticky me a link?
