An old colleague of ours has just released a Ruby port of Extended Scanner on his blog at securitytechscience.com. If you're not familiar with it, Extended Scanner is a simple proof of concept web application scanner (in Perl) written by GDS co-founder Brian Holyfield for the book Network Security Tools.. The original Perl version can be found on our Tools download page here.

Quoting from his posting :-

The only thing I have added is the MySQL code as my demo app has a MySQL backend. Before I chat about this, the code can now perform the following:

1. Validate SQL injection (i.e., reduces false positives)
2. Enumerate backend database type (currently detects MS SQL, Oracle and MySQL)
3. Enumerate the number of columns at the injection point
4. Enumerate the data type of each column identified