What is Scrawlr?

Scrawlr is a tool that will crawl a website and audit it for SQL Injection vulnerabilities. Specifically, Scrawlr is designed to detect SQL Injection vulnerabilities in dynamic web pages that will be indexed by search engines.

What kind of websites can Scrawlr test?

Scrawlr can be used to test virtually any kind of website (provided you have permission to audit that website :)). Scrawlr does have several limitations when compared to a traditional web vulnerability scanner which prevent it from crawling certain parts of your web application. These limitations include:

* No submission of web forms
* Does not interpret JavaScript or Flash
* Only tests for SQL Injection vulnerabilities and only tests the query string parameters of URLs
* Does not keep state or use Cookies
* Crawl limit of 1500 pages
* No authentication support

What specific technologies will Scrawlr crawl?

Scrawlr will crawl and audit any of the following file extensions:

* htm/html
* asp
* aspx
* php/php3/php4
* jsp
* js
* txt
* cfm
* any file without an extension

Download and More Info: http://www.communities.hp.com/securitysoftware/forums/198.aspx#options