Grendel Scan: Open Source Web Application Security Scanner
Source: Internet | Editor: 程序博客网 | Time: 2024/05/18 03:02
In one of our posts earlier this month, we spoke of XSS Rays. What's special about Grendel Scan, you might ask? First of all, it is OPEN SOURCE. Second, it is FREE. Third, it is one of the only scanners that allows automatic 404 error detection. Fourth, it is multi-platform.
Do we have your attention yet? Okay, moving on to some meatier stuff. These are a few of the functions that Grendel Scan performs:
- Internal intercepting / testing proxy
- HTTP request fuzzer
- Manual requests
- Automatic file-not-found profiles
- Upstream proxy support
- HTTP request & connection throttling
- HTML form-based authentication; multiple user accounts
- Granular scan settings
- Blocked query parameters
- URL white-lists & blacklists
- Known session ID names
In addition to all of these, it has built-in modules for the following:
- SQL injection
  - Error-based checks
  - SQL tautologies (experimental)
- Miscellaneous tests
  - CRLF injection
  - Cross-site request forgery (CSRF) tests
  - Directory traversal tests
  - Generic fuzzing
- Information leakage
  - Platform error messages
  - Robots.txt testing
  - Comment lister
- Web server configuration
  - Cross-site tracing (XST)
  - Proxy detection
- Application architecture
  - Input / output flows
  - Offline website mirror
In short, it is an automated testing tool for detecting common web application vulnerabilities. It can also aid in manual testing, as it has an intercepting proxy module.
All you need is Java 5 or above! Download this tool here!
P.S.: We did not post about it any earlier as the download site was down for most of the time.
http://www.grendel-scan.com/download.htm