Documentation for scan sql


It’s been now 3 days that im searching for the SQL documentation more likely how to configure a sql scan with greenbone but Im not able to find anything revelant.

I used lastest version of greenbone. so Can someone please tell me where is the doc

SQL is not fixed and just for internal use, our stable API is GMP. So do you use SQL use GMP for automation and data query.

SQL queries are volatile and might change within minor updates, so do not use SQL.

That a problem because I really need to make a sql scan right now

What do you plan ? There is nothing you can´t do with GMP.

I want to do a security scan against sql injection on a site in order to detect if it is sensitive to this kind of attack.

As target our psql for GSAD ? You can connect to psql and can do you scan. But you can´t be sure that this sql schema will be president for the next version.

Do you have a documentation about the psql ?

Looks like there is currently a big misunderstanding here.

If i’m understanding @Maselia correctly the question is how to use GVM to scan e.g. a web application for SQL injections, not how to use SQL queries on the gvmd database to run a specific scan.

If this is correctly please have a look at:

Also please note that GVM is no full web application scanner (WAS) so you might need to use a separate, dedicated WAS software to find SQL injections in your application.

I look at the page and it seem that what im looking for but IDK how to make it work I belive they don’t explain it

You can follow these steps:

  1. Create a new scan config as explained in with the “Full and Fast” base
  2. Edit the VT preference like explained in for the VT “Global variable settings”
  3. Set the “Enable generic web application scanning” option from step 2. to “yes”
  4. Save the scan config
  5. Create a new task using this new scan config.

But again please note that this is really only checking for basic SQL injections, you won’t get a throughout coverage of unknown SQL injections by GVM and this needs a dedicated WAS.

1 Like