SQL Injection Penetration Testing using NMAP

Nmap has released a new NSE script, http-sql-injection.nse, for SQL injection testing. This means the most popular network scanner can now also scan web applications for SQL injection vulnerabilities. The script's sole purpose is finding SQL injection vulnerabilities. It runs on NSE (the Nmap Scripting Engine), Nmap's built-in engine for running scripts.

http-sql-injection.nse works with Nmap and uses an HTTP spider. The script spiders HTTP servers and looks for any URLs that might be vulnerable to SQL injection. It also extracts any forms found in the web app and tries to find vulnerable form fields.

The script spiders an HTTP server looking for URLs containing queries. It then combines crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack. This uses the most basic form of SQL injection; anything more complicated is better suited to a standalone tool.

Well, the Nmap team seems to be doing great work, Nmap fans!
This network scanner now has a much wider application in penetration testing.

Download script: Here

Documentation: Here

Example usage:
nmap -sV --script=http-sql-injection <target>
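What a scan of this kind looks like from the web server's side, as an added example that is not part of the original post or the Nmap project: the spider-then-inject behaviour described above leaves one client requesting many query URLs with a quote and a SQL keyword appended, some of which return 5xx errors. The log lines are constructed, the function name and threshold are assumptions, and the user-agent string is Nmap's default NSE HTTP user agent.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Default NSE HTTP user agent; a hint only, since user agents are client-controlled.
NSE_UA = "Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"

# Constructed combined-format access log; IPs are from documentation ranges.
SAMPLE_LOG = f"""\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /item.php?id=3 HTTP/1.1" 200 512 "-" "{NSE_UA}"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /item.php?id=3%27%20OR%20x HTTP/1.1" 500 87 "-" "{NSE_UA}"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /search.php?q=shoes%27%20OR%20x&page=1 HTTP/1.1" 200 930 "-" "{NSE_UA}"
198.51.100.20 - - [10/Oct/2023:13:56:10 +0000] "GET /search.php?q=o%27reilly+books HTTP/1.1" 200 1204 "-" "Mozilla/5.0 (X11; Linux x86_64)"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"'
)
# A quote followed by a SQL keyword in the decoded query string.
# A lone apostrophe (o'reilly) is not enough to count as a probe.
PROBE_RE = re.compile(r"""['"]\s*(?:or|and|union|select)\b""", re.IGNORECASE)


def find_sqli_probing(log_text, min_probes=2):
    """Return per-client stats for clients that sent >= min_probes probe-like requests."""
    stats = defaultdict(
        lambda: {"probes": 0, "errors": 0, "nse_ua": False, "urls": set()}
    )
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        ip, target, status, ua = m.groups()
        parts = urlsplit(target)
        entry = stats[ip]
        if NSE_UA in ua:
            entry["nse_ua"] = True
        if PROBE_RE.search(unquote_plus(parts.query)):
            entry["probes"] += 1
            entry["urls"].add(parts.path)
            # A 5xx on a probe means the input reached code that failed on it:
            # these are the endpoints to review first.
            if status.startswith("5"):
                entry["errors"] += 1
    return {ip: dict(s) for ip, s in stats.items() if s["probes"] >= min_probes}


if __name__ == "__main__":
    for ip, s in find_sqli_probing(SAMPLE_LOG).items():
        print(ip, s)
```

Endpoints that show up under `errors` are the ones where the injected input produced a server error, so they are the first candidates for parameterized queries and generic error pages.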

 
