More on the tool from the developers!
WebCruiser - Web Vulnerability Scanner, a compact but powerful web security scanning tool that will aid you in auditing your site! It has a Vulnerability Scanner and a series of security tools.
It can support scanning website as well as POC( Prooving of concept) for web vulnerabilities: SQL Injection, Cross Site Scripting, XPath Injection etc. So, WebCruiser is also an automatic SQL injection tool, a XPath injection tool, and a Cross Site Scripting tool!Key Features:
- Crawler(Site Directories And Files);
- Vulnerability Scanner(SQL Injection, Cross Site Scripting, XPath Injection etc.);
- POC(Proof of Concept): SQL Injection, Cross Site Scripting, XPath Injection etc.;
- GET/Post/Cookie Injection;
- SQL Server: PlainText/Union/Blind Injection;
- MySQL: PlainText/Union/Blind Injection;
- Oracle: PlainText/Union/Blind/CrossSite Injection;
- DB2: Union/Blind Injection;
- Access: Union/Blind Injection;
- Post Data Resend;
- Administration Entrance Search;
- Time Delay For Search Injection;
- Auto Get Cookie From Web Browser For Authentication;
- Report Output.
If you can not run WebCruiser, please Download .NET FrameWork V2.0 From Microsoft:
SQL Injection Introduction(PDF): http://sec4app.com/download/SqlInjection.pdf
XPath Injection Introduction(PDF): http://sec4app.com/download/XPathInjection.pdf