List of Free Web Application Scanners!

January 15, 2010 18:01 pm

by Black

in Open Source, Penetration Testing, Web Application Penetration Testing

I was on another site helping someone with the available options for FREE web application scanners. Eventually I had a list of around 8 free web application scanners. I thought it would be worth sharing. So, starting off with web application scanners that we did not write about:

1. Acunetix: Acunetix WVS automatically checks your web applications for XSS, SQL Injection & other vulnerabilities. It also checks for other vulnerabilities in popular web applications such as Joomla and phpBB, and identifies files with XSS vulnerabilities. Acunetix checks your web applications for coding errors that result in Cross Site Scripting vulnerabilities.
Download the Free Edition of Acunetix Web Vulnerability Scanner version 6.5.20091215 here.

2. N-Stalker: N-Stalker Web Application Security Scanner 2009 Free Edition provides a restricted set of free Web Security Assessment checks to enhance the overall security of your web server infrastructure, using the most complete web attack signature database available in the market – “N-Stealth Web Attack Signature Database”.
Download the N-Stalker Web Application Security Scanner 2009 Free Edition here.

3. Wikto: “Wikto is a tool that checks for flaws in webservers. It provides much the same functionality as Nikto but adds various interesting pieces of functionality, such as a Back-End miner and close Google integration. Wikto is written for the MS .NET environment and registration is required to download the binary and/or source code.”
Download Wikto version 2.1.0.0 here.

4. Nikto: We wrote about Nikto here.
Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers.
This is one of our favourite web application scanners.
Download Nikto version 2.1.0 here.

5. Sandcat: Our original post about Sandcat is here.
Sandcat is the next-generation patented web app sec assessment technology developed by security experts. It can simulate web-based attacks while emulating modern web browsers. It can run JS and auto interact with web pages. It is the most advanced fault-injection testing tool for web applications.
Download Sandcat version 3.9.3 here!

6. BurpSuite: We wrote about Burp Suite here.
Burp Suite is an integrated platform for attacking web applications. It contains all of the Burp tools with numerous interfaces between them designed to facilitate and speed up the process of attacking an application. All tools share the same robust framework for handling HTTP requests, persistence, authentication, upstream proxies, logging, alerting and extensibility. Burp Suite allows you to combine manual and automated techniques to enumerate, analyse, scan, attack and exploit web applications. The various Burp tools work together effectively to share information and allow findings identified within one tool to form the basis of an attack using another.
Download Burp Suite version 1.3 here.

7. Grendel Scan: This is another favourite tool of ours. We wonder when a newer version will be out! We wrote about it here.
Grendel-Scan is an open-source web application security testing tool. It has an automated testing module for detecting common web application vulnerabilities, and features geared at aiding manual penetration tests. The only system requirement is Java 5; Windows, Linux and Macintosh builds are available.
Download Grendel Scan version 1.0 here.

8. Wapiti: We wrote about this tool here.

Wapiti allows you to audit the security of your web applications.
It performs “black-box” scans, i.e. it does not study the source code of the application but scans the webpages of the deployed web application, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.

Download Wapiti version 2.1.0 here.
