begood Posted March 3, 2010

Grabber is a web application scanner that basically detects some application vulnerabilities in your web application. It has some things that other scanners lack. It is simple to work with, not fast but portable and really adaptable! It is designed to scan small websites such as personal blogs, forums etc. The author also recommends against scanning larger applications, as it would take too long and flood the network. Though it is small, it has been tested at NIST!

It currently supports this set of vulnerabilities:

- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP applications using PHP-SAT
- JavaScript source code analyzer: evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for later stats analysis

Another thing about this project is its ease of use. You can prepare test cases with simple XML-based scripts and you are ready to run tests! Grabber is based on research from some amazing sources such as OWASP, etc. It needs Python with BeautifulSoup and PyXML.

Download Grabber v0.1 here. You also have the option of using it on a Windows machine as an executable by using py2exe.