本文共 1455 字，大约阅读时间需要 4 分钟。

In one of our posts earlier this month, we spoke of . Whats special about  you might ask? First of all, it is . Second, it is FREE. Third, it is only one of those scanners which allows automatic 404 error detection. Fourth, it is Multi-Platform.

Do we have your attention yet? Okay.. moving on to some more meatier stuff. These are a few of the functions that the Grendel Scan performs:

• Internal intercepting / testing proxy
• HTTP request fuzzer
• Manual requests
• Automatic file-not-found profiles
• Upstream proxy support
• HTTP request & connection throttling
• HTML form-based authentication; multiple user accounts
• Granular scan settings
• Blocked query parameters
• URL white-lists & blacklists
• Known session ID names

In addition to all of these, it has built in modules for the following:

• Error-based checks
• SQL tautologies – experimental
• tests
• CRLF injection
• Cross-site request forgery (CSRF) tests
• Directory traversal tests
• Generic
• Information Leakage
• Platform error messages
• Robots.txt testing
• Comment lister
• Web server configuration
• Cross-site tracing (XST)
• Proxy detection
• Application architecture
• Input / output flows
• Offline website mirror

In short, it is an automated testing tool for detecting common web application vulnerabilities. It can also aid in manual testing as it has a intercepting proxy module.

All you need is Java 5 and above! Download this tool !

P.S: We did not post about it any earlier as the download site was down for most of the time

转载地址：http://gemmb.baihongyu.com/