Some known features of Grendel-Scan:
- Internal intercepting / testing proxy
- HTTP request fuzzer
- Manual requests
- Automatic file-not-found profiles
- Upstream proxy support
- HTTP request & connection throttling
- HTML form-based authentication; multiple user accounts
- Granular scan settings
- Blocked query parameters
- URL white-lists & blacklists
- Known session ID names
Some known modules of Grendel-Scan:
- SQL injection
  - Error-based
  - SQL tautologies - experimental
- Miscellaneous tests
  - CRLF injection
  - Cross-site request forgery (CSRF) - experimental
  - Directory traversal - experimental
  - Generic fuzzing
- Information leakage
  - Platform error messages
  - Robots.txt
  - Comment lister
- Web server configuration
  - Cross-site tracing (XST)
  - Proxy detection
- Application architecture
  - Input / output flows
  - Offline website mirror
The current release of Grendel-scan can be found here.
Grendel-Scan: A new Web Application Security Scanner from Defcon :) was posted on August 13th, 2008 by admin. This post is filed under: Sectools, Security, Web Hacking, secInfo.