Gryffin a open-sourced Web Security Scanning Tool by Yahoo

Gryffin, the new project has been published to Github in beta under the BSD-style license, and Yahoo! says that it is more than just another scanner, as it aims at addressing two issues that current initiatives have, namely coverage and scale.

Gryffin's crawler also uses PhantomJS for DOM rendering and navigation, which allows it to discover links and code paths in rich applications that are heavily driven by client-side JavaScript. However, the scanning platform does not have fuzzer modules, even for common vulnerabilities like XSS and SQL Injection, as it wants to allow users to fuzz for just what they need.

While every such platform aims to achieve low false positive rates, Yahoo also desired to provide a broader coverage and an elastic infrastructure.

Gryffin has been released as a standalone package, but Yahoo! says that it is actually build for scale, on the publisher-subscriber model. The platform’s components are either publishers or subscribers, or both, which allows it to scale horizontally by adding new nodes to it.