doubaokun / grabber
This project forked from neuroo/grabber
[DON'T USE ME] plain ol' web apps scanner
Do not use this tool, it's an artifact from the past. Use Burp or w3af!

Grabber v0.1
------------

Grabber is a web application scanner which tries to be as useful as possible, i.e. it allows:
 - black box testing
 - hybrid analysis
 - JavaScript source code checker

The tool aims to be quite generic, so even if I use PHP-SAT as the PHP source code analyzer, you could use a Java source code analyzer for your website. You can also add attack patterns you have found, etc.

For more information go to the website.

Contact
-------

author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: [email protected]

What would be cool to have/integrate (except no more bugs)?
------------------------------------------------------------

 + Core:
     Support of cookies, HTTP Auth
 + XSS:
     Plug in a JavaScript interpreter (spidermonkey still compiled ^^)
 + Session:
     Report the SessionID
     Report on the randomness of the session IDs (statistical distribution)
 + Cookies:
     Analyze the cookies (look for secure, HttpOnly etc.)
 + Passwords:
     Password hash analyzer? Is it secure enough...
 + SSL/TLS:
     ???
 + Configuration report:
     Look at the CVE/NVD, give the report if there is such configuration information
       ASP / PHP / MySQL versions
       APACHE / IIS
       etc.
 + Log Visualisation Systems XSS?

Disclaimer
----------

I should write a disclaimer here? Hum, I'm not responsible for any results/trouble/nuclear punch in your website after the utilisation of Grabber.

This software only performs attack patterns; it should not create anything wrong in your website (except if it's really crap).

During the hybrid analysis, there could be some trouble... I suggest you save the files, even if everything is done in the ./local/ directory (I copy the source files into ./local/current and the analysis output goes into ./local/analyzed).

Of course, if Grabber does not find any vulnerability, it doesn't mean at all that there is none; only that Grabber found nothing.

<disgression>Even if you use Grabber or whatever tool you want, you cannot have a website 100% secure... it's impossible</disgression>

Licence
-------

I will put the BSD Licence stuff here. But still, it is under the modified BSD licence.