Top 10 Web Vulnerability Scanners
- NSE (Nmap Scripting Engine)
- Zed Attack Proxy
Acunetix is the leading web vulnerability scanner used by serious Fortune 500 companies and widely acclaimed to include the most advanced SQL injection and XSS black box scanning technology.
It automatically crawls your websites and performs black box and grey box hacking techniques that find dangerous vulnerabilities that can compromise your website and data.
Acunetix tests for SQL Injection, XSS, XXE, SSRF, Host Header Injection and over 4500 other web vulnerabilities.
WPScan is a black box WordPress vulnerability scanner that can be used to scan remote WordPress installations to find security issues.
Joom scan
OWASP JoomScan (short for [Joom]la Vulnerability [Scan]ner) is an open source project written in the Perl programming language to detect and analyze Joomla CMS vulnerabilities.
DirBuster is a multi-threaded Java application designed to brute force directory and file names on web/application servers.
Grabber is a web application scanner which can detect many security vulnerabilities in web applications.
It is used to check small applications.
It performs scans and tells where the vulnerability exists. It can detect the following vulnerabilities:
- Cross site scripting
- SQL injection
- Ajax testing
- File inclusion
- JS source code analyzer
- Backup file check
Vega is another free open source web vulnerability scanner and testing platform.
With this tool, you can perform security testing of a web application.
This tool is written in Java and offers a GUI based environment.
It is available for OS X, Linux and Windows.
It can be used to find SQL injection, header injection, directory listing, shell injection, cross site scripting, file inclusion and other web application vulnerabilities.
Zed Attack Proxy
Zed Attack Proxy is also known as ZAP. This tool is open source and is developed by OWASP.
It is available for Windows, Unix/Linux and Macintosh platforms.
It can be used to find a wide range of vulnerabilities in web applications.
These are the key functionalities of ZAP:
- Intercepting Proxy
- Automatic Scanner
- Traditional but powerful spiders
- Web Socket Support
- Plug-n-hack support
- Authentication support
- REST based API
- Dynamic SSL certificates
- Smartcard and Client Digital Certificates support
Wapiti is also a nice web vulnerability scanner which lets you audit the security of your web applications.
It performs black-box testing by scanning web pages and injecting data.
It tries to inject payloads and see if a script is vulnerable.
It supports both GET and POST HTTP attacks and detects multiple vulnerabilities.
It can detect the following vulnerabilities:
- File Disclosure
- File inclusion
- Cross Site Scripting (XSS)
- Command execution detection
- CRLF Injection
- SQL Injection and XPath Injection
- Weak .htaccess configuration
- Backup files disclosure