GrendelScan是一款免费且开源的多平台Web应用安全性测试工具,能够自动检测常见的Web应用漏洞,包括SQL注入、跨站请求伪造等,并支持手动测试功能。该工具还具备拦截代理模块,有助于进行更深入的安全评估。
In one of our posts earlier this month, we spoke of XSS Rays. Whats special about Grendel Scan you might ask? First of all, it is OPEN SOURCE. Second, it is FREE. Third, it is only one of those scanners which allows automatic 404 error detection. Fourth, it is Multi-Platform.
Do we have your attention yet? Okay.. moving on to some more meatier stuff. These are a few of the functions that the Grendel Scan performs:
- Internal intercepting / testing proxy
- HTTP request fuzzer
- Manual requests
- Automatic file-not-found profiles
- Upstream proxy support
- HTTP request & connection throttling
- HTML form-based authentication; multiple user accounts
- Granular scan settings
- Blocked query parameters
- URL white-lists & blacklists
- Known session ID names
In addition to all of these, it has built in modules for the following:
- SQL injection
- Error-based checks
- SQL tautologies – experimental
- Miscellaneous tests
- CRLF injection
- Cross-site request forgery (CSRF) tests
- Directory traversal tests
- Generic fuzzing
- Information Leakage
- Platform error messages
- Robots.txt testing
- Comment lister
- Web server configuration
- Cross-site tracing (XST)
- Proxy detection
- Application architecture
- Input / output flows
- Offline website mirror
In short, it is an automated testing tool for detecting common web application vulnerabilities. It can also aid in manual testing as it has a intercepting proxy module.
All you need is Java 5 and above! Download this tool here!
P.S: We did not post about it any earlier as the download site was down for most of the time
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
