Nmap NSE 6.01: sql-injection

Summary
Spiders an HTTP server looking for URLs containing queries vulnerable to an SQL injection attack. The script spiders an HTTP server looking for URLs containing queries. It then proceeds to combine crafted SQL commands with susceptible URLs in order to obtain errors. The errors are analysed to see if the URL is vulnerable to attack. This uses the most basic form of SQL injection but anything more complicated is better suited to a standalone tool. We may not have access to the target web server's true hostname, which can prevent access to virtually hosted sites. SYNTAX: httpspider.withinhost: only spider URLs within the same host. (default: true) httpspider.maxpagecount: the maximum amount of pages to visit. A negative value disables the limit (default: 20) httpspider.withindomain: only spider URLs within the same domain. This widens the scope from 'withinhost' and can not be used in combination. (default: false) httpspider.maxdepth: the maximum amount of directories beneath the initial url to spider. A negative value disables the limit. (default: 3) httpspider.url: the url to start spidering. This is a URL relative to the scanned host eg. /default.html (default: /) sql-injection.start: The path at which to start spidering default '/'. http.pipeline: If set, it represents the number of HTTP requests that'll be pipelined (ie, sent in a single request). This can be set low to make debugging easier, or it can be set high to test how a server reacts (its chosen max is ignored). TODO Implement cache system for http pipelines http.useragent: The value of the User-Agent header field sent with requests. By default it is ''Mozilla/5.0 (compatible Nmap Scripting Engine http://nmap.org/book/nse.html)''. A value of the empty string disables sending the User-Agent header field. sql-injection.maxdepth: The maximum depth to spider default 10. http-max-cache-size: The maximum memory size (in bytes) of the cache. httpspider.noblacklist: if set, doesn't load the default blacklist