Tools: Grendel Scanner a new Web Application Security Scanner

While attending Defcon I got to check out a talk on a new web application security scanner called Grendel Scanner. For those of you who don't know, I used to work at SPI Dynamics on the WebInspect product (now part of HP), and I've got to say it is one of the more impressive-looking open source options out there. Many of the enhancements that I asked SPI to add didn't get added to the final product, and Grendel Scanner has a few of them, which I'm happy to see. One of them searches popular search engines for URLs and incorporates them into the scan to find additional site surface. It is also one of the only tools doing 404 page detection, something that is a requirement if you want to reduce false positives. He also has built-in reporting. I haven't dived into the guts yet, but it is well worth checking out from what I've seen.

Blog: http://grendel-scan.com/blog/
Download: http://www.grendel-scan.com/download.htm


Thanks for the recognition Robert. It was nice to meet you at Defcon.