Hello GreenHackerz ...
Today I'm going to post a very good tool for Penetration Testing and its Name is Grendel Scan..
Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Whats special about Grendel Scan you might ask? First of all, it is OPEN SOURCE. Second, it is FREE. Third, it is only one of those scanners which allows automatic 404 error detection. Fourth, it is Multi-Platform.
Do we have your attention yet?Okay.. moving on to some more meatier stuff.
These are a few of the functions that the Grendel Scan performs:
- Internal intercepting / testing proxy
- HTTP request fuzzer
- Manual requests
- Automatic file-not-found profiles
- Upstream proxy support
- HTTP request & connection throttling
- HTML form-based authentication; multiple user accounts
- Granular scan settings
- Blocked query parameters
- URL white-lists & blacklists
- Known session ID names
In addition to all of these, it has built in modules for the following:
- SQL injection
- Error-based checks
- SQL tautologies – experimental
- Miscellaneous tests
- CRLF injection
- Cross-site request forgery (CSRF) tests
- Directory traversal tests
- Generic fuzzing
- Information Leakage
- Platform error messages
- Robots.txt testing
- Comment lister
- Web server configuration
- Cross-site tracing (XST)
- Proxy detection
- Application architecture
- Input / output flows
- Offline website mirror
In short, it is an automated testing tool for detecting common web application vulnerabilities. It can also aid in manual testing as it has a intercepting proxy module.
All you need is Java 5 and above!
Leave your comments & Suggestion @@@
Enjoy Penetration Testing @@@@