
Nmap NSE 6.01: sql-injection

Information

Severity: High

Family: Nmap NSE

CVSSv2 Base: 7.5

CVSSv2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type: Mitigation

Created: 11 years ago

Modified: 5 years ago

Summary

Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack.

The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack. This uses the most basic form of SQL injection, but anything more complicated is better suited to a standalone tool.

We may not have access to the target web server's true hostname, which can prevent access to virtually hosted sites.

SYNTAX:

httpspider.withinhost: only spider URLs within the same host. (default: true)

httpspider.maxpagecount: the maximum amount of pages to visit. A negative value disables the limit. (default: 20)

httpspider.withindomain: only spider URLs within the same domain. This widens the scope from 'withinhost' and cannot be used in combination. (default: false)

httpspider.maxdepth: the maximum amount of directories beneath the initial URL to spider. A negative value disables the limit. (default: 3)

httpspider.url: the URL to start spidering. This is a URL relative to the scanned host, e.g. /default.html (default: /)

sql-injection.start: The path at which to start spidering, default '/'.

http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (i.e., sent in a single request). This can be set low to make debugging easier, or it can be set high to test how a server reacts (its chosen max is ignored).

sql-injection.maxdepth: The maximum depth to spider, default 10.

http-max-cache-size: The maximum memory size (in bytes) of the cache.

httpspider.noblacklist: if set, doesn't load the default blacklist.