Netsparker Community Edition is a SQL Injection Scanner. It’s a free edition of our web vulnerability scanner for the community so you can start securing your website now. It’s user friendly, fast, smart and as always False-Positive-Free.
It shares many features with the professional edition. It can detect SQL Injection and XSS issues better than many other scanners (if not all), and it’s completely FREE.
Netsparker can scan for lots of web security vulnerabilities, and this free version of Netsparker is a great SQL injection scanner. It can scan and exploit SQL Injection vulnerabilities in different back-end databases with really high accuracy and without any false positives. According to a 3rd party benchmark, Netsparker is the best SQL Injection Scanner among all commercial, free and open source web vulnerability scanners, finding 98.53% of all SQL Injections in tests [1].
Netsparker CE features
- False-Positive Free
- AJAX/JavaScript Support
- Hassle Free Licensing
- Heuristic Custom 404 Support
- Free Automated Updates
- Error Based SQL Injection
- Boolean Based SQL Injection
- Reflective Cross-site Scripting (XSS)
- Permanent/Stored Cross-site Scripting (XSS)
- and many more
Security Checks that come with CE
- Error Based SQL Injection
- Boolean Based SQL Injection
- Time Based Blind SQL Injection
- Local File Inclusion
- Remote File Inclusions
- Remote Code Injection / Evaluation
- Cross-site Scripting (XSS) via RFI
- Reflective Cross-site Scripting (XSS)
- Permanent/Stored Cross-site Scripting (XSS)
- OS Level Command Injection
- CRLF / HTTP Header Injection / Response Splitting
- Open Redirect
- Find Backup Files
- Crossdomain.xml Analysis
- Finds and Analyses Potential Issues in Robots.txt
- Finds and Analyses Google Sitemap Files
- Detect TRACE / TRACK Method Support
- Detect ASP.NET Debugging
- Detect ASP.NET Trace
- ASP.NET ViewState Analysis
- ViewState is not Signed
- ViewState is not Encrypted
- Post Exploitation Checks
- E-mail Address Disclosure
- Internal IP Disclosure
- Cookies are not marked as Secure
- Cookies are not marked as HTTPOnly
- Directory Listing
- Stack Trace Disclosure
- Version Disclosure
- Access Denied Resources
- Internal Path Disclosure
- Programming Error Messages
- Database Error Messages
- CVS, GIT and SVN Information and Source Code Disclosure
- Find PHPInfo() pages and PHPInfo() disclosures
- Apache Server-Status and Apache Server-Info pages
- Find Hidden Resources
- Basic Authentication over HTTP
- Password Transmitted over HTTP
- Password Form Served over HTTP
- Source Code Disclosure
- Auto Complete Enabled