Grendel-Scan : A new Web Application Security Scanner from Defcon :)

In the last August 10th , 2008 , Eric Duprey and David Byrne just finished their presentation at DEFCON 16 . They introduced a new web application security scanner which they ‘ve developed , called Grendel-Scan. According to its official website , Grendel-Scan is known to be an open-source web application security testing tool which has automated testing modules for detecting common web application vulnerablitiews. The best part of this tool is , it’s multi-platform! It can be run under windows , linux or even Macintosh!

Some known features of Grendel-Scan :

  • Internal intercepting / testing proxy
  • HTTP request fuzzer
  • Manual requests
  • Automatic file-not-found profiles
  • Upstream proxy support
  • HTTP request & connection throttling
  • HTML form-based authentication; multiple user accounts
  • Granular scan settings
  • Blocked query parameters
  • URL white-lists & blacklists
  • Known session ID names

Some known modules of Grendel-scan :

  • SQL injection
  • Error-based
  • SQL tautologies - experimental
  • Miscellaneous tests
  • CRLF injection
  • Cross-site request forgery (CSRF) – experimental
  • Directory traversal – experimental
  • Generic fuzzing
  • Information Leakage
  • Platform error messages
  • Robots.txt
  • Comment lister
  • Web server configuration
  • Cross-site tracing (XST)
  • Proxy detection
  • Application architecture
  • Input / output flows
  • Offline website mirror

The current release of Grendel-scan can be found here.

Computer Security Stuff on eBay!
Electronics stuffs on ebay

Grendel-Scan : A new Web Application Security Scanner from Defcon :) is posted on August 13th, 2008 by admin. This post is filed under: Sectools, Security, Web Hacking, secInfo .

Some people come to this post with this search term: grendel scan, grendel-scan, grendel scan tutorial, grendel security, grendel scanner, grendel hack, grendel-scan tutorial, open source web application scanner, using grendel-scan, grendel scan video, how to use grendel scan, gendel scan, application, using grendel scan, Grendel-Scan user guide, grendel backtrack, Tutorial Grendel, grendel scan howto, o que e granula de gredel, grendel scan how to,

And here is the related entries of this post:

One Response to “Grendel-Scan : A new Web Application Security Scanner from Defcon :)”

  1. didier, on August 24th, 2009 at 4:23 am Said:

    I had used the services of http://www.gamasec.com website vulnerability scan SaaS and I am very please with the result for our website security

    Monthly scan and clear report with recommendations to close the vulnerabilties that was found

    DR

Leave a Reply

« Blind Sql Injection : Are your web applications vulnerable ? Assh - Provides Anonymous Secure Shell »