Sometimes it is nice to have a quick tool that will scan a site for basic XSS or SQL Injection vulnerabilities. It is even nicer if you don't have to go through some long, drawn-out setup procedure just to see if a field has any tasty morsels to chew on. Enter a free suite of tools called Exploit-Me by Security Compass - Application Security.
The suite currently consists of two tools:
- XSS-Me - a tool to test for Cross-Site Scripting vulnerabilities
- SQL Inject-Me - a tool to test for SQL Injection vulnerabilities
The beauty of the Exploit-Me suite is that the tools are Firefox add-ons and don't require a proxy. Install the add-on and when you are on a page you want to test, just open the sidebar and go to town.
Take a peek. I think you'll like them.