Grabber

Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website.
Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absolutely not big application: it would take too long time and flood your network.

Contact
-------
author: Romain Gaucher
website: http://rgaucher.info/beta/grabber
email: r@rgaucher.info

Current features
Because it's a small tool, the set of vulnerabilities is small...
- Cross-Site Scripting
- SQL Injection (there is also a special Blind SQL Injection module)
- File Inclusion
- Backup files check
- Simple AJAX check (parse every JavaScript and get the URL and try to get the parameters)
- Hybrid analysis/Crystal ball testing for PHP application using PHP-SAT
- JavaScript source code analyzer: Evaluation of the quality/correctness of the JavaScript with JavaScript Lint
- Generation of a file [session_id, time(t)] for next stats analysis.

How do I use Grabber ?

You have a main script grabber.py which execute the modules (xss.py, sql.py, etc.).
Download Grabber
Download Grabber
The executable version produced by py2exe
Source code
Installation
For using Grabber you only need Python 2.4, BeautifulSoup and PyXML. You can download the packages on the websites given above.
Configuration
You can configure the run with a configuration file like this:

http://127.0.0.1/bank
1

Then launch the grabber.py script.
Or you can use the command line parameters:
$ python grabber.py --spider 1 --sql --xss --url http://127.0.0.1/bank

The two configuration are equivalents.
What you need to know ?
The script create two directories (local and results) and will put some data in there. The local spider results will be save in the local directory and will be use at the next run of Grabber (until you erase it).
How good is the tool ?
It should be quite good for Blind SQL Injection, SQL Injection and File Inclusion. Really good for the backup files tests. Really bad for the XSS since I can only try to say that the script will be executed or not... I really need to plug Grabber with a JavaScript engine (spidermonkey in progress...).

Crystal: the hybrid module
The hybrid module Crystal provide the combinaison of two types of tests:
- White box: source code scanning
- Black box: application scanning

How it works is quite simple:
- Load the configuration file with the patterns you define and the association of the tests you want to do with. For instance, you can associate the pattern "echo $_GET" with the Cross-Site Scripting module (xss) with the start/end tags as the PHP <?php and ?>: this can be a simple php source code scanner Smile.
- Run the Source Code Scanner against your application
- Try to find the patterns
- Perform the tests you associated with the patterns

The real advantage of this technique should be the reduction of the number of false-positive.

Crystal configuration file
The configuration file is quite simple, you define the website, the files directory, the extension of scripts (php, asp etc.) and the information about your source code scanner.

<?xml version="1.0"?>

http://127.0.0.1/bank
C:\server\xampp\htdocs\bank

C:\msys\1.0\bin\php-sat.exe
php

PHP-SAT check (Malicious Code CodeVulnerability) __OR__ Pattern ID: MCV000

PHP-SAT check (Malicious Code CodeVulnerability) __AND__ Pattern ID: MCV001

What needs to be done on Crystal ?
There are couple of things I want to implement in Crystal:
- Make the binary operators working in the patterns definition (__OR__, __AND__, __NOT__)
- Allow regular expression in the patterns definition (ex: $_POST[(.*)])
- A better variable extraction process when a pattern is find... But it may be too close to the language...
- Make a real understandable output...