[Nikto-discuss] SQL Injection with Nikto

Jabra jabra at spl0it.org
Sat Jun 21 05:14:35 UTC 2008

On 20.Jun.2008 11:59PM -0400, Sullo wrote:
> Curtis LaMasters wrote:
> > I've been trying to figure out how to scan a website for the ability 
> > to SQL inject (it's a website that I run yes...). Unfortunately I have 
> > not been able to get a desirable result.  I was hoping you all could 
> > point me in the right direction.
> Check out Paros and WebScarab--you may have luck with them. Nikto isn't 
> built to crawl a site and look for something like unknown/undisclosed 
> SQLi in applications, but both of them are (and are also free).
> http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
> http://www.parosproxy.org/index.shtml


There are two additional tools that I can recommend.

One is burpsuite.


Another web based proxy that does really awesome stuff. Check the
web app security book for more details.

The second is sqlninja.


All of these tools are included in Backtrack 3 which is
a security LiveCd that allows you to boot a cdrom containing
a Linux system along with all the security tools you need.



> Regards
> Sullo
> _______________________________________________
> Nikto-discuss mailing list
> Nikto-discuss at attrition.org
> https://attrition.org/mailman/listinfo/nikto-discuss

Jabra < jabra at spl0it.org >
