[DON'T USE ME] plain ol' web apps scanner


Do not use this tool, it's an artifact from the past. Use Burp or w3af!

Grabber v0.1

Grabber is a web application which tries to be as useful as possible, i.e. it allows:

  • black box testing
  • hybrid analysis
  • JavaScript source code checker

The tool aims to be quite generic, so even if I use PHP-SAT as the PHP source code analyzer, you could use a Java source code analyzer for your website. You can also add attack patterns you have found, etc. For more information go to the website.


author: Romain Gaucher website: email: [email protected]

What would be cool to have/integrate (except no more bugs)?

  • Core: Support for cookies, HTTP Auth
  • XSS: Plug in a JavaScript interpreter (spidermonkey still compiled ^^)
  • Session: Report the session ID; report on the randomness of the session IDs (statistical distribution)
  • Cookies: Analyze the cookies (look for Secure, HttpOnly etc.)
  • Passwords: Password hash analyzer? Is it secure enough...
  • SSL/TLS: ???
  • Configuration report: Look at the CVE/NVD and give a report if there is such configuration information (ASP / PHP / MySQL versions, Apache / IIS, etc.)
  • Log visualisation systems XSS?


Should I write a disclaimer here? Hum, I'm not responsible for any results/trouble/nuclear punch in your website after the use of Grabber. This software only performs attack patterns; it should not break anything in your website (unless it's really crap).

During the hybrid analysis, there could be some trouble... I suggest you back up the files, even though everything is done in the ./local/ directory (I copy the source files into ./local/current and the analysis output goes into ./local/analyzed).

Of course, if Grabber does not find any vulnerability, it doesn't mean at all that there is none; only that Grabber found nothing. Even if you use Grabber or whatever tool you want, you cannot have a website that is 100% secure... it's impossible.


I will add the BSD licence text. In any case, it is under the modified BSD licence.