PHP-SAT check (Malicious Code CodeVulnerability) _AND_ Pattern ID: MCV001
PHP-SAT check (Malicious Code CodeVulnerability) _OR_ Pattern ID: MCV000

The configuration file is quite simple: you define the website, the files directory, the extension of the scripts (php, asp, etc.) and the information about your source code scanner. The real advantage of this technique should be the reduction of the number of false positives.

Perform the tests you associated with the patterns. Run the source code scanner against your application. You can associate the pattern "echo $_GET" with the Cross-Site Scripting module (xss) with the start/end tags as the PHP: this can be a simple PHP source code scanner :). Load the configuration file with the patterns you define and the association of the tests you want to do with.

The hybrid module Crystal provides the combination of two types of tests:

With a JavaScript engine (SpiderMonkey in progress...). Really bad for the XSS since I can only try to say that the script will be executed or not.
It should be quite good for Blind SQL Injection, SQL Injection and File Inclusion. Results will be saved in the local directory and will be used at the next run of Grabber (until you erase them). The script creates two directories (local and results) and will put some data in there.

$ python grabber.py -spider 1 -sql -xss -url

Or you can use the command line parameters:
You can configure the run with a configuration file like this:

You can download the packages on the websites given above. The executable version produced by py2exe

For using Grabber you only need Python 2.4, BeautifulSoup and PyXML. You have a main script grabber.py which executes the modules (xss.py, sql.py, etc.).

There are a couple of things I want to fix/do:

- Cookies/HTTP Auth/Login page authentication systems
- Multi-site support (which is not too hard to do due to the XML structure)
- Plug a JavaScript engine for real XSS detection
- Definitely, playing with the different encoding types.
- Provide solutions for the given vulnerabilities? (not quite sure about this)
It's a small tool and does not provide any GUI or PDF report! There are XML reports (you can easily create a XSLT to
This is a very small application (currently 2.5kLOC in Python) and the first reason for this scanner is to have a "minimum bar" scanner for the Samate Tool Evaluation Program at NIST. Grabber is also for me a nice way to do some automatic verification on websites/scripts I do.
This software is designed to scan small websites such as personals, forums, etc. Absolutely not big applications: it would take too long and flood your network.
Grabber is simple, not fast but portable and really adaptable. Basically it detects some kinds of vulnerabilities in your website.