Wednesday, November 7, 2007 At 6:31AM
An old colleague of ours has just released a Ruby port of Extended Scanner on his blog at securitytechscience.com. If you’re not familiar with it, Extended Scanner is a simple proof-of-concept web application scanner (in Perl) written by GDS co-founder Brian Holyfield for the book Network Security Tools. The original Perl version can be found on our Tools download page here.
Quoting from his posting:
The only thing I have added is the MySQL code as my demo app has a MySQL backend. Before I chat about this, the code can now perform the following:
- Validate SQL injection (i.e., reduces false positives)
- Enumerate backend database type (currently detects MS SQL, Oracle and MySQL)
- Enumerate the number of columns at the injection point
- Enumerate the data type of each column identified
Author: Justin Clarke
©Aon plc 2023