https://github.com/neuroo/grabber

[DON'T USE ME] plain ol' web apps scanner
https://github.com/neuroo/grabber

Last synced: 5 days ago
JSON representation

[DON'T USE ME] plain ol' web apps scanner

• Host: GitHub
• URL: https://github.com/neuroo/grabber
• Owner: neuroo
• Archived: true
• Created: 2011-03-14T03:02:00.000Z (over 13 years ago)
• Default Branch: master
• Last Pushed: 2016-09-14T07:49:31.000Z (about 8 years ago)
• Last Synced: 2024-08-02T12:48:09.268Z (3 months ago)
• Language: Python
• Homepage:
• Size: 45.9 KB
• Stars: 146
• Watchers: 14
• Forks: 87
• Open Issues: 1
• Metadata Files:
  • Readme: README.txt

Awesome Lists containing this project

• awesome-starred - neuroo/grabber - [DON'T USE ME] plain ol' web apps scanner (others)

README

        
Do not use this tool, it's an artifact from the past. Use Burp or w3af!

Grabber v0.1

------------

Grabber is a web application which try to be as useful as possible ie allows:

- back box testing

- hybrid analysis

- javscript source code checker

The tool aims to be quite generic, so even if I use PHP-SAT as php source code analyzer, you could use

a java source code analyzer for your website. You can also add some attacks pattern you found etc.

For more information go to the website.

Contact

-------

  author:  Romain Gaucher

  website: http://rgaucher.info/beta/grabber

  email:   [email protected]

What would be cool to have/integrate (except no more bugs) ?

------------------------------------------------------------

  + Core:

         Support of cookies, Http Auth

  + XSS:

         Plug in a JavaScript interpreter (spidermonkey still compiled ^^)

  + Session:

         Report the SessionID

         Report on the randomness of the sessions id (statistical distribution)

  + Cookies:

         Analyze the cookies (look for secure, HttpOnly etc.)

  + Passwords:

         Passwords hash analyzer ?

         Is it enough secure...

  + SSL/TLS:

         ???

  + Configuration report:

         Look at the CVE/NVD give the report if there is such a configuration information

         ASP / PHP / MySQL versions

         APACHE / IIS etc.

  + Log Visualisation Systems

         XSS ?

Disclaimer

----------

I should write a disclaimer here ? Hum, I'm not responsible of any results/trouble/nuclear punch in

your website after the utilisation of Grabber.

This soft performs only attack patterns it should not create anything wrong in your website (except if it's a really crap).

During the hybrid analysis, there could be some trouble... I suggest you to save the files even if everything is done in the

./local/ directory (I copy the source files in the ./local/current and the analysis output are in the ./local/analyzed)

Of course, if the Grabber does not find any vulnerability, it doesn't mean at all that there is none; only that grabber found

nothing. Even if you use Grabber or whatever tool you want, you cannot have a website 100% secure...

it's impossible

Licence

-------

I will put the BSD Licence stuffs. But still, it is under the modified BSD licence.