Web application security scanners are very important in the process of penetration testing, if you want to test your web application from the known and most dangerous vulnerabilities like SQL injection and cross site scripting than you must use some automatic tools that crawls the website and check for the vulnerabilities that can be exploit.
There are a lot of web security scanner available both commercial and open source and as discussed before about the wapiti, nikto and w3af. The commercial tools like Netsparker and acunetix.
Linux distribution that has created for penetration testing like backtrack, gnacktrack, backbox and blackbuntu has different tools for website penetration testing, in this article I will discuss about a open source web application security scanner called Grendel-Scan that has release on the Defcon event.
What Is Grendel-Scan
Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Backtrack 5 has contain different web application security scanner as well as it contain Grendel-Scan too, in the tutorial I will use backtrack 5 however you can use and install it on other Linux distribution and windows operating system.
It requires Java to run it, if you are using backtrack 5 than you can get gredenl from Applications–>backtrack–>Vulnerability assessment–>web application assessment–>web vulnerability scanner–>grendel-scan
It is not a difficult tool to use, and it has graphical user interface so you can easily understand and implement it on your web security testing process. Here is the short description on the basic usage.
Enter the target website and if you want to use proxy server than you can enter it.
You can choose variety of options and you can integrate nikto with grendel scan.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription or become our Facebook fan! You will get all the latest updates at both the places.