In one of our posts earlier this month, we spoke of XSS Rays. What's special about Grendel Scan, you might ask? First of all, it is OPEN SOURCE. Second, it is FREE. Third, it is one of the only scanners that allows automatic 404 error detection. Fourth, it is multi-platform.
Do we have your attention yet? Okay, moving on to some meatier stuff. These are a few of the functions that Grendel Scan performs:
- Internal intercepting / testing proxy
- HTTP request fuzzer
- Manual requests
- Automatic file-not-found profiles
- Upstream proxy support
- HTTP request & connection throttling
- HTML form-based authentication; multiple user accounts
- Granular scan settings
- Blocked query parameters
- URL white-lists & blacklists
- Known session ID names
In addition to all of these, it has built-in modules for the following:
- SQL injection
  - Error-based checks
  - SQL tautologies – experimental
- Miscellaneous tests
  - CRLF injection
  - Cross-site request forgery (CSRF) tests
  - Directory traversal tests
  - Generic fuzzing
- Information leakage
  - Platform error messages
  - Robots.txt testing
  - Comment lister
- Web server configuration
  - Cross-site tracing (XST)
  - Proxy detection
- Application architecture
  - Input / output flows
  - Offline website mirror
In short, it is an automated testing tool for detecting common web application vulnerabilities. It can also aid in manual testing, as it has an intercepting proxy module.
All you need is Java 5 and above! Download this tool here!
P.S.: We did not post about it any earlier as the download site was down most of the time.