Grendel-Scan : A new Web Application Security Scanner from Defcon :)

On August 10th, 2008, Eric Duprey and David Byrne finished their presentation at DEFCON 16. They introduced a new web application security scanner which they've developed, called Grendel-Scan. According to its official website, Grendel-Scan is an open-source web application security testing tool with automated testing modules for detecting common web application vulnerabilities. The best part of this tool is that it's multi-platform! It can run under Windows, Linux or even Macintosh!

Some known features of Grendel-Scan:

  • Internal intercepting / testing proxy
  • HTTP request fuzzer
  • Manual requests
  • Automatic file-not-found profiles
  • Upstream proxy support
  • HTTP request & connection throttling
  • HTML form-based authentication; multiple user accounts
  • Granular scan settings
  • Blocked query parameters
  • URL white-lists & blacklists
  • Known session ID names

Some known modules of Grendel-Scan:

  • SQL injection
      • Error-based
      • SQL tautologies – experimental
  • Miscellaneous tests
      • CRLF injection
      • Cross-site request forgery (CSRF) – experimental
      • Directory traversal – experimental
      • Generic fuzzing
  • Information leakage
      • Platform error messages
      • Robots.txt
      • Comment lister
  • Web server configuration
      • Cross-site tracing (XST)
      • Proxy detection
  • Application architecture
      • Input / output flows
      • Offline website mirror

The current release of Grendel-scan can be found here.


One Response to “Grendel-Scan : A new Web Application Security Scanner from Defcon :)”

  1. I had used the services of http://www.gamasec.com website vulnerability scan SaaS and I am very pleased with the result for our website security

    Monthly scan and clear report with recommendations to close the vulnerabilities that were found

    DR
