Wednesday, Nov 07, 2007

Ruby port of Extended Scanner released

An old colleague of ours has just released a Ruby port of Extended Scanner on his blog at securitytechscience.com. If you're not familiar with it, Extended Scanner is a simple proof-of-concept web application scanner (in Perl) written by GDS co-founder Brian Holyfield for the book Network Security Tools. The original Perl version can be found on our Tools download page.

Quoting from his posting:

The only thing I have added is the MySQL code as my demo app has a MySQL backend. Before I chat about this, the code can now perform the following:

  1. Validate SQL injection (i.e., reduces false positives)
  2. Enumerate backend database type (currently detects MS SQL, Oracle and MySQL)
  3. Enumerate the number of columns at the injection point
  4. Enumerate the data type of each column identified
