Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website.
Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.
Why this kind of application ?
This is a very small application (currently 2.5kLOC in Python) and the first reason of this scanner is to have a "minimum bar" scanner for the Samate Tool Evaluation Program at NIST.
Grabber is also for me a nice way to do some automatics verification on websites/scripts I do. Users should know some things about web vulnerabilities before using this soft because it only tell you what vulnerability it is... not how to solve it.
Because it's a small tool, the set of vulnerabilities is small...
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- Generation of a file [session_id, time(t)] for next stats analysis.
Grabber aim to be simple. It's a small tool, does not provide any GUI or PDF report! There is XML reports (you can easily create a XSLT to render the XML for you manager).