Do not use this tool, it's an artifact from the past. Use Burp or w3af!

Grabber v0.1
------------

Grabber is a web application which tries to be as useful as possible, i.e. it allows:
 - black box testing
 - hybrid analysis
 - JavaScript source code checker

The tool aims to be quite generic, so even if I use PHP-SAT as the PHP source code analyzer, you could use a Java source code analyzer for your website. You can also add some attack patterns you found, etc.

For more information go to the website.

Contact
-------

author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: [email protected]

What would be cool to have/integrate (except no more bugs) ?
------------------------------------------------------------

 + Core: Support of cookies, HTTP Auth
 + XSS: Plug in a JavaScript interpreter (spidermonkey still compiled ^^)
 + Session: Report the SessionID
            Report on the randomness of the session IDs (statistical distribution)
 + Cookies: Analyze the cookies (look for secure, HttpOnly etc.)
 + Passwords: Password hash analyzer ? Is it secure enough...
 + SSL/TLS: ???
 + Configuration report: Look at the CVE/NVD, give the report if there is such configuration information
            ASP / PHP / MySQL versions
            APACHE / IIS etc.
 + Log Visualisation Systems XSS ?

Disclaimer
----------

I should write a disclaimer here ? Hum, I'm not responsible for any results/trouble/nuclear punch in your website after the utilisation of Grabber. This software performs only attack patterns; it should not create anything wrong in your website (except if it's really crap).

During the hybrid analysis, there could be some trouble... I suggest you save the files even if everything is done in the ./local/ directory (I copy the source files in ./local/current and the analysis output is in ./local/analyzed).

Of course, if Grabber does not find any vulnerability, it doesn't mean at all that there is none; only that Grabber found nothing.

<disgression>Even if you use Grabber or whatever tool you want, you cannot have a website 100% secure... it's impossible</disgression>

Licence
-------

I will put the BSD Licence stuff. But still, it is under the modified BSD licence.

equip: Python bytecode instrumentation library
runtime-tracer: Dynamic tracing for binary applications (using PIN), IDA plugin to visualize and interact with the traces
apache-scalp: Scalp! is a log analyzer for the Apache web server that aims to look for security problems
pinpy: Detours from binaries method entry/exit point to Python scripts (PIN, CPython API)
LockMeNow: My iPhone 5 lock button is not working properly, so I wrote this app
blacksheep: defunct web browser for pen-testing
xpdbg: PHP runtime analysis toolset based on Xdebug
java-runtime-tracer: JVMTI agent, following the same pattern as the runtime-tracer
tocify: Small JavaScript table of contents generator for Markdown generated HTML
tracer: Embed me in your Python application, I'll help you trace it.
sql-proc-analysis: Quick'n'dirty T-SQL procedure static analysis (don't be fooled, there is no inter-procedural static analysis engine behind, and it only follows assignments...)