Friday, October 17, 2008

Grendel v1.0

Grendel v1.0 Web Application Security Testing released
Grendel-Scan is an open-source web application security testing tool. It has automated testing modules for detecting common web application vulnerabilities, and features geared toward aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.

If you are looking for presentation materials, visit the blog.

Some known features of Grendel-Scan:

  • Internal intercepting / testing proxy
  • HTTP request fuzzer
  • Manual requests
  • Automatic file-not-found profiles
  • Upstream proxy support
  • HTTP request & connection throttling
  • HTML form-based authentication; multiple user accounts
  • Granular scan settings
  • Blocked query parameters
  • URL white-lists & blacklists
  • Known session ID names

Some known modules of Grendel-Scan:

  • SQL injection
      • Error-based
      • SQL tautologies – experimental
  • Miscellaneous tests
      • CRLF injection
      • Cross-site request forgery (CSRF) – experimental
      • Directory traversal – experimental
      • Generic fuzzing
  • Information leakage
      • Platform error messages
      • Robots.txt
      • Comment lister
  • Web server configuration
      • Cross-site tracing (XST)
      • Proxy detection
  • Application architecture
      • Input / output flows
      • Offline website mirror

Current stable version: 1.0

| Platform | File |
|----------|------|
| Windows | Grendel-Scan-v1.0-win32.zip |
| Linux | Grendel-Scan-v1.0-linux.zip |
| Macintosh | Grendel-Scan-v1.0-mac.zip |
| Source | Grendel-Scan-v1.0-src.zip |
| JavaDocs | Grendel-Scan-v1.0-javadoc.zip |