Web Scanners (Not in any order):
S.N. / Name / Brief Description / Open Source? / Platform / Functions1 / WebInspect
http://www.spidynamics.com/products/webinspect/index.html / Web application layer vulnerability checker / No / Win / With WebInspect, auditors, compliance officers, and security experts can perform security assessments on a Web-enabled application or Web service.
WebInspect pinpoints real security vulnerabilities that only a hacker would find in your Web application.
2 / Shadow Web Analyzer
http://www.safety-lab.com/en/products/7.htm / Scans MSSql, Oracle, IBMDB2, MiniSql,MySQL, and Lotus Domino / No / Win / · Analyses web site in search of potential errors
· Checks for bad links
· Re-organize links in downloaded component files.
· Provides with the most full and up-to-date information on status of a web site.
3 /
Acunetix Web Vulnerability Scanner
http://www.acunetix.com/wvs/vulnerability-scanner.htm
/ All-in-one web vulnerability scanner / No / Win / · Provides a fully featured web security scanner, crawler, report analysis tool, as well as web security explanations, and an extensive database of security checks for all leading web server platforms.· It automatically detects, reports & addresses outdated server software
4 / N – Stealth
http://www.nstalker.com/eng/products/nstealth/ /
Web server scanner /
No / Windows / N-Stealth is a vulnerability-assessment product that scans web servers to identify security problems that may allow an attacker to gain privileged access. The software comes with an extensive database of over 30,000 vulnerabilities and exploits. N-Stealth can audit both local and remote web servers.
5 /
Nikto
http://www.cirt.net/code/nikto.shtml /
A comprehensive web scanner /
Yes / Windows
*NIX / Nikto is a web server scanner which looks for over 2000 potentially dangerous files/CGIs. It uses Libwhisker. It will test a web server in the shortest time span possible, and it's fairly obvious in log files. Scan items and plugins are frequently updated and can be automatically updated (if desired).
6 / ISS Internet Scanner
http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_internet.php /
Application-level vulnerability assessment / No / Windows / ISS scanning agent increases scanning speed and accuracy by identifying the operating systems of target hosts, and then automatically running OS-specific checks to find vulnerabilities. Its vulnerability catalog gives in-depth information on vulnerabilities, including root causes, detailed descriptions and remediation steps.
7 / Whisker /
Libwhisker
http://www.wiretrip.net/rfp/ / CGI vulnerability scanner and library /
Yes / Windows
*NIX / Whisker is a scanner which allows you to test HTTP servers for many known security holes, particularly the presence of dangerous CGIs. Libwhisker is a perl library (used by Whisker) which allows for the creation of custom HTTP scanners. If you wish to audit more than just web servers, have a look at Nessus.
8 / SPIKE Proxy
http://www.immunitysec.com/resources-freesoftware.shtml /
HTTP Hacking /
No / Windows
*NIX / Spike Proxy is an open source HTTP proxy for finding security flaws in web sites. SPIKE Proxy is a professional-grade tool for looking for application-level vulnerabilities in web applications. It supports automated SQL injection detection, web site crawling, login form brute forcing, overflow detection, and directory traversal detection.
9 / Achilles
http://www.mavensecurity.com/achilles / A Windows web attack proxy /
No / Windows / Achilles is a tool designed for testing the security of web applications. Achilles is a proxy server, which acts as a man-in-the-middle during an HTTP session. A typical HTTP proxy will relay packets to and from a client browser and a web server. Achilles will intercept an HTTP session's data in either direction and give the user the ability to alter the data before transmission.