Grendel Scan Web Application Security Scanner

Web application security scanners are very important in the process of penetration testing, if you want to test your web application from the known and most dangerous vulnerabilities like SQL injection and cross site scripting than you must use some automatic tools that crawls the website and check for the vulnerabilities that can be exploit. 

There are a lot of web security scanner available both commercial and open source and as discussed before about the wapiti, nikto and w3af. The commercial tools like Netsparker and acunetix.

Linux distribution that has created for penetration testing like backtrack, gnacktrack, backbox and blackbuntu has different tools for website penetration testing, in this article I will discuss about a open source web application security scanner called Grendel-Scan that has release on the Defcon event.

What Is Grendel-Scan

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Backtrack 5 has contain different web application security scanner as well as it contain Grendel-Scan too, in the tutorial I will use backtrack 5 however you can use and install it on other Linux distribution and windows operating system.

Download

It requires Java to run it, if you are using backtrack 5 than you can get gredenl from Applications–>backtrack–>Vulnerability assessment–>web application assessment–>web vulnerability scanner–>grendel-scan

Grendel-Scan Tutorial

It is not a difficult tool to use, and it has graphical user interface so you can easily understand and implement it on your web security testing process. Here is the short description on the basic usage. 

Enter the target website and if you want to use proxy server than you can enter it.

You can choose variety of options and you can integrate nikto with grendel scan.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Become an Expert in Ethical Hacking

This article is mainly addressing the audience who wants to pursue their career in Cybersecurity as a professional that provides ethical hacking services, whether...

5 Cybersecurity Tips to Keep in Mind When Working From Home

  Due to the ongoing global health crisis, more and more people are being forced to work from their homes. In fact, Forbes estimates that about...

The Complete OSINT Tutorial to Find Personal Information About Anyone

This article mainly focuses on how to discover a person's digital footprint and gather personal data by using open-source intelligence (OSINT). So, in its...

How to find the password of hacked email addresses using OSINT

Open-source intelligence or OSINT is a potent technique, and it can give a lot of valuable information, if implemented correctly with the right strategy...