Top 10 Web Vulnerability Scanners

  • Acunetix
  • WPScan
  • JoomScan
  • DirBuster
  • NSE (Nmap Scripting Engine)
  • Grabber
  • Vega
  • Zed Attack Proxy
  • Wapiti
  • WebScarab


Acunetix is the leading web vulnerability scanner used by serious Fortune 500 companies and is widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.

It automatically crawls your websites and performs black box and grey box hacking techniques to find dangerous vulnerabilities that can compromise your website and data.

Acunetix tests for SQL Injection, XSS, XXE, SSRF, Host Header Injection and over 4500 other web vulnerabilities.


WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.




JoomScan

OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open source project written in the Perl programming language to detect and analyze Joomla CMS vulnerabilities.


DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.


Grabber is a web application scanner which can detect many security vulnerabilities in web applications.

It is used to check small applications.

It performs scans and tells where the vulnerability exists. It can detect the following vulnerabilities:


  • Cross site scripting
  • SQL injection
  • Ajax testing
  • File inclusion
  • JS source code analyzer
  • Backup file check


Vega is another free, open source web vulnerability scanner and testing platform.

With this tool, you can perform security testing of a web application.

This tool is written in Java and offers a GUI-based environment.

It is available for OS X, Linux and Windows.

It can be used to find SQL injection, header injection, directory listing, shell injection, cross site scripting, file inclusion and other web application vulnerabilities.

Zed Attack Proxy

Zed Attack Proxy is also known as ZAP. This tool is open source and is developed by OWASP.

It is available for Windows, Unix/Linux and Macintosh platforms.

It can be used to find a wide range of vulnerabilities in web applications.

These are the key functionalities of ZAP:

  • Intercepting Proxy
  • Automatic Scanner
  • Traditional but powerful spiders
  • Fuzzer
  • Web Socket Support
  • Plug-n-hack support
  • Authentication support
  • REST based API
  • Dynamic SSL certificates
  • Smartcard and Client Digital Certificates support


Wapiti is also a nice web vulnerability scanner which lets you audit the security of your web applications.

It performs black-box testing by scanning web pages and injecting data.

It injects payloads to see whether a script is vulnerable.

It supports both GET and POST HTTP attacks and detects multiple vulnerabilities.

It can detect the following vulnerabilities:

  • File Disclosure
  • File inclusion
  • Cross Site Scripting (XSS)
  • Command execution detection
  • CRLF Injection
  • SQL Injection and XPath Injection
  • Weak .htaccess configuration
  • Backup files disclosure

By admin
