Ethical Hacking Institute Course in Pune-India
Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan
Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.
Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you
Why this kind of application ?
This is a very small application (currently 2.5kLOC in Python) and the first reason of this scanner is to have a “minimum bar” scanner for the Samate Tool Evaluation Program at NIST.
Grabber is also for me a nice way to do some automatics verification on websites/scripts I do. Users should know some things about web vulnerabilities before using this soft because it only tell you what vulnerability it is… not how to solve it.
Current features
Because it’s a small tool, the set of vulnerabilities is small…
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for next stats analysis.
Does it scan the JavaScript ?
Yes! It can handle the JavaScript files, parse it to retrieve the server sides scripts names and try to get some parameters name…
This application is based on:
- Researchs from famous websites/guys:
- ha.ckers.org (the XSS vector at least)
- SPI-Dynamics lab/portal
- Whitehatsec
- cgisecurity.com
- OWASP etc.
- and a huge amount of information given by lots of tools (Pantera, Paros, Wapiti, WebInspect, Hailstorm, AppScan etc.)
- Python:
- BeautifulSoup
- PyXML
Grabber aim to be simple. It’s a small tool, does not provide any GUI or PDF report! There is XML reports (you can easily create a XSLT to render the XML for you manager).
Grabber usage
Spider the web application to a depth of 1 (–spider 1) and attempt SQL (–sql) and XSS (–xss) attacks at the given URL (–url http://kali-test-random-gen.com):
www.extremehacking.org
Cyber Suraksha Abhiyan, CEHv9, CHFI, ECSAv9, CAST, ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-India, Ethical Hacking Course in Pune-India