Scanning Website For Finding Vulnerabilities In Kali Linux Using Grabber
Tuxnoob - Grabber is a web scanner tool that runs in text-based or CLI (command line interface) mode. It is designed to scan small websites such as personal sites, SOHO (Small Office Home Office) websites, forums, etc. A scan takes a long time and floods your network.
Some Features In This Application
Features in this application:
- Cross-site scripting
- SQL injection (there is also a blind SQL injection module)
- File inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP applications using PHP-SAT
- JavaScript source code analyzer: evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for later statistical analysis.
What Still Needs To Be Done With Grabber???
There are some things that should be fixed:
- Cookies/HTTP Auth/Login Page authentication systems
- Multi site support (which is not too hard to do due to the XML structure)
- Fix the parsers
- Make a real/better detection system
- Plug a JavaScript engine for real XSS detection
- Make a real output
- Provide solutions for the found vulnerabilities? (not quite sure about this)
- Definitely, playing with the different encoding types.
How To Start Using Grabber???
Grabber is already available on Kali Linux, so there is no need to install it.
For example, here we scan a website with the options `--spider 1` (spider the web application to a depth of 1), `--sql` (SQL injection checks), `--javascript` (JavaScript source analysis) and `--url` (the target website, e.g. https://arief-jr.blogspot.com/).
As shown below:
Example 2 changes the option `--javascript` to `--xss` (cross-site scripting checks):
Thanks, hopefully this is useful, and good luck!!!
This post is licensed under CC BY 4.0 by the author.