I recover an old website which is full of sql injection, I would need a tool if it exists, that crawl the whole site just by followings existing links on it, then try to put some sql injection contents into weak inputs.
I can check by myself but the site is rather big so I would prefer a crawler, to be sure i do not forget an entry...
thx
Ok after typing this post, I realize that I'm asking for an hacking tool, which is not the case of course :p, so any white hat techno available ?
You should fix your known problems before you look for automated tools.
You need to take the following steps:
mysql_real_escape_string() or similar if that is not practical.You should treat the above as a much higher priority than testing tools. Don't even spend time looking for automated scanning tools until those are complete.
An automated SQL Injection tool is just not going to find all your problems, even those which are obvious to a competent attacker.
Until you have done both of the above, you will be wasting your time on automated tools.