Website Scanners

These tools and products are designed to identify vulnerabilities in web-based applications. Their checks may cover XSS, SQL injection, vulnerabilities in CMS software and in installed software packages, Java or JavaScript issues, and brute force attacks. Typically they offer what is known as "black-box" testing: the tool comes at the website from the Internet and doesn't know anything about the box or software. Some of the tools and products listed here also include source code scanners and other checks to help improve the security of web-based applications. A source code scanner is a "glass-box" test, as it can see the code on the web server itself, not just what is presented to the Internet.

Commercial tools often rely on a vulnerability database to check for known vulnerabilities that could be exploited in web-based attacks. They may require a subscription fee in addition to the product purchase to keep the vulnerability database up to date.

There is a separate category for the online and Security as a Service (SaaS) scanning tools, as they are really a different beast from tools that you install and run yourself. You are trusting a website or a company to scan your site correctly, and not to act on the vulnerabilities it identifies. Be sure to check Online and SaaS Website Scanners as well if an online tool will meet your needs.

Articles and other information

Gamja will find XSS (cross-site scripting) and SQL injection weak points, as well as URL parameter validation errors. Who knows which parameter is the weak parameter? Gamja will be helpful for finding vulnerabilities [XSS, Validation Error, SQL Injection].
Romain Gaucher

Grabber is a web application scanner. Basically it detects some kind of vulnerabilities in your website. Grabber is simple, not fast but portable and really adaptable. This software is designed to scan small websites such as personals, forums etc. absol ...


Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Wind ...

A web application penetration testing tool that can extract data from SQL Server, MySQL, DB2, Oracle, Sybase, Informix, and Postgres. Further, it can crawl a website as a vulnerability scanner looking for SQL injection vulnerabilities. Features ...

N-Stalker Web Application Security Scanner is a Web Security Assessment solution for your web applications. It incorporates the "N-Stealth HTTP Security Scanner" and its 39,000 Web Attack Signature database along with a patent-pending Component-oriented W ...

Milescan Technologies

ParosPro is a web security tool that allows companies and IT Professionals to assess the security of their web applications. The ParosPro provides a feature rich environment that allows companies to perform assessments based on plug-ins designed to target ...


WebSlayer is a tool designed for bruteforcing Web Applications, it can be used for finding not linked resources (directories, servlets, scripts, etc), bruteforce GET and POST parameters, bruteforce Forms parameters (User/Password), Fuzzing, etc. The tools ...

Pricing Model: Open Source

ProxyStrike is an active Web Application Proxy. It's a tool designed to find vulnerabilities while browsing an application. It was created because of the problems we faced in the pentests of web applications that depend heavily on JavaScript, not many web s ...
Edge-Security

Wfuzz is a tool designed for bruteforcing Web Applications, it can be used for finding resources not linked (directories, servlets, scripts, etc), bruteforce GET and POST parameters for checking different kind of injections (SQL, XSS, LDAP, etc), bruteforc ...
Safe3 Network Center

Safe3WVS is one of the most powerful web vulnerability scanners, with AI on-the-fly web spider crawling technology that helps to identify known and unknown vulnerabilities within the Web application layer. Especially when scanning web portals, you will find it is th ...
Syhunt Cyber-Security Company

Sandcat combines Syhunt's state-of-the-art, multi-process scanning technologies with the incredibly fast Lua language and Chromium to perform remote web application security scans. While spidering a web site and hunting vulnerabilities, Sandcat emulates a ...


SecuBat is a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.

Bernardo Damele A. G.

sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers. It comes with a powerful detection engine, many niche features for the ultimate penetration t ...

Nicolas Surribas

Wapiti - Web application vulnerability scanner / security auditor Wapiti allows you to audit the security of your web applications. It performs "black-box" scans, i.e. it does not study the source code of the application but it will scan the webpages of ...

Janus Security

WebCruiser - Web Vulnerability Scanner, an effective and powerful web penetration testing tool that will aid you in auditing your website! It has a Vulnerability Scanner and a series of security tools. It can support scanning website as well as POC (Proo ...


Websecurify is a powerful web application security testing platform designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. Some of the main features of Websecurify include: Availab ...


Cross Site "Scripter" is an automatic framework to detect, exploit and report XSS vulnerabilities in web-based applications. It contains several options to try to bypass certain filters, and various special techniques of code injection.
eEye Digital Security

Retina Web Security Scanner is a best-in-class web scanning solution that rapidly and accurately scans large, complex web sites and web applications to tackle web-based vulnerabilities. Retina Web Security Scanner identifies application vulnerabilities as ...

NetProtect AG
Pricing Model: Freeware

Quick Summary: SWAT is a free Security Webscanner for most common CMS-, Application- & Webservers. Included is also a Username Enumerator, a web Directory Scanner and a Juniper VPN (SSL) Vulnerability Scanner. It is free, has no ads and easy to inst ...
SWAT
Pricing Model: Freeware

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote access on the vulnerable DB server, even in a very hostile environment. It shou ...

SQLNinja

© Computer Network Defence Limited 2021