fbpx

Grendel Scan Web Application Security Scanner

Web application security scanners are very important in the process of penetration testing, if you want to test your web application from the known and most dangerous vulnerabilities like SQL injection and cross site scripting than you must use some automatic tools that crawls the website and check for the vulnerabilities that can be exploit. 

There are a lot of web security scanner available both commercial and open source and as discussed before about the wapiti, nikto and w3af. The commercial tools like Netsparker and acunetix.

Linux distribution that has created for penetration testing like backtrack, gnacktrack, backbox and blackbuntu has different tools for website penetration testing, in this article I will discuss about a open source web application security scanner called Grendel-Scan that has release on the Defcon event.

What Is Grendel-Scan

Grendel-Scan is an open-source web application security testing tool. It has automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Backtrack 5 has contain different web application security scanner as well as it contain Grendel-Scan too, in the tutorial I will use backtrack 5 however you can use and install it on other Linux distribution and windows operating system.

Download

It requires Java to run it, if you are using backtrack 5 than you can get gredenl from Applications–>backtrack–>Vulnerability assessment–>web application assessment–>web vulnerability scanner–>grendel-scan

Grendel-Scan Tutorial

It is not a difficult tool to use, and it has graphical user interface so you can easily understand and implement it on your web security testing process. Here is the short description on the basic usage. 

Enter the target website and if you want to use proxy server than you can enter it.

You can choose variety of options and you can integrate nikto with grendel scan.
Note: If you want to learn more about Linux and Windows based Penetration testing, you might want to subscribe our RSS feed and Email Subscription  or become our Facebook fan! You will get all the latest updates at both the places.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

What Makes ICS/OT Infrastructure Vulnerable?

Infrastructure security for operational technologies (OT) and industrial control systems (ICS) varies from IT security in several ways, with the inverse confidentiality, integrity, and...

Everything You Must Know About IT/OT Convergence

What is an Operational Technology (OT)? Operational technology (OT) is a technology that primarily monitors and controls physical operations. It can automate and control machines,...

Understand the OT Security and Its Importance

This article discusses OT security and why it is essential for protecting industrial systems from cyberattacks. We will also discuss common control objectives that can...

What is Deepfake, and how does it Affect Cybersecurity?

Producing deepfake is easy. It is hard to detect. They operate with a description of reality rather than reality itself (e.g., a video). Any...