Web application scanners
Introduction
Most software comes in the form of a web application. Web applications are typically powered by a programming language like PHP or Python, together with a database engine like MySQL or PostgreSQL. Programming languages provide maximum flexibility, but with that flexibility comes the risk of introducing programming flaws. One example of such a flaw is failing to properly handle input provided by a user of the application, which can result in a security weakness or vulnerability.
Web application scanners can help with the detection of programming flaws. One option is to scan the original source code or scripts of the application: certain patterns in the code may be recognized as a potential weakness and reported by the scanner. Another type of web application scanning operates on the generated output (HTML). By inspecting that output and looking for input fields, a scanner may discover weaknesses that could lead to attacks like SQL injection or cross-site scripting.
Usage
Web application scanners are typically used for application fuzzing, application security, application testing, and web application analysis.
Users of these tools include developers, pentesters, security professionals, and system administrators.
Tools
Highlighted tools
Some of the web application scanners have features that make them stand out among the others. If one of these characteristics is important to you, have a look at these selected tools first.
Popular web application scanners
Arachni (web application scanner)
penetration testing, security assessment, web application analysis
Arachni is a web application security scanner aimed at helping users evaluate the security of web applications.
CMSeeK (CMS detection and exploitation)
penetration testing, software exploitation, software identification, vulnerability scanning
CMSeeK is a security scanner for content management systems (CMS). It can perform a wide range of functions starting from the detection of the CMS, up to vulnerability scanning. The tool claims to support over 100 different CMS tools, with extensive support for the commonly used ones like Drupal, Joomla, and WordPress.
The scans performed by CMSeeK include version detection. It can also do enumeration of users, plugins, and themes. This might be useful to see what users or …
Nikto (web application scanner)
penetration testing, security assessment, web application analysis
Nikto helps with performing security scans against web servers and to search for vulnerabilities in web applications.
SQLMate (a friend of SQLMap with additional features)
penetration testing, web application analysis
SQLMate is a tool to perform security assessments and vulnerability discovery on web applications. It can discover admin panels of websites, which might be a way to break into a web application. It also has an option for dorking, which means it can find possibly vulnerable targets for a particular attack.
Spaghetti (web vulnerability scanner)
penetration testing, vulnerability scanning, vulnerability testing
Spaghetti is a lightweight tool that can fingerprint and enumerate common locations in web applications. It is good at detecting commonly used web frameworks and content management systems (CMS), which makes it useful as an additional scanner in your toolkit. From the defensive side, it is good to learn what information is leaked, so that additional hardening can be applied.
Wapiti (vulnerability scanner for web applications)
application fuzzing, vulnerability scanning, web application analysis
Wapiti is typically used to audit web applications.
Wfuzz (web application fuzzer)
application fuzzing, application security, application testing, web application analysis
Wfuzz is a fuzzing tool written in Python. Tools like Wfuzz are typically used to test web applications and how they handle both expected and unexpected input.
WhatWeb (website analyzer and fingerprinting tool)
reconnaissance, web application analysis
WhatWeb can be used stealthily and quickly to determine what technologies are used on a particular website or web application. This process, called fingerprinting, can tell a lot about how the application was built and what weaknesses it might have. The tool can be run at different aggression levels, from stealthy to very aggressive. The latter is useful in penetration tests or during development.
WordPress Exploit Framework (WordPress exploiting toolkit)
penetration testing, security assessment, vulnerability scanning, web application analysis
The WordPress Exploit Framework (WPXF) provides a set of tools to assess and exploit WordPress installations. It can be used for pentesting and red teaming assignments. The tool is less friendly for beginners, but more experienced pentesters will find no difficulty in using it.
Wordstress (white-box scanner for WordPress installations)
application security, vulnerability scanning, web application analysis
WordPress is a popular choice among content management systems (CMS). Powering many websites and blogs, it is also a popular target, so regular updates and security testing help to reduce the risk. WordStress can help with this testing.
Yasuo (vulnerability scanner for web applications)
penetration testing, vulnerability scanning, web application analysis
Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications. There are many remotely exploitable vulnerabilities in web applications and their front-end components. Yasuo makes it easier to scan for weaknesses like remote code execution (RCE), SQL injection, and file inclusion.
ZAP (web application analysis)
penetration testing, security assessment, software testing, web application analysis
The OWASP Zed Attack Proxy (ZAP) helps to find security vulnerabilities in web applications during development and testing.
shcheck (test HTTP headers of web applications)
application security, web application analysis
This simple tool is a good option to test whether the advised HTTP security headers are present on web applications and websites. It can be used as a defensive measure during development, or offensively to find weaknesses in existing applications.
wig (reconnaissance tool for web applications)
application fingerprinting, information gathering, reconnaissance, web application analysis
Wig is a security tool to discover which software powers a web application or website. It can detect several content management systems (CMS) and other administrative applications. This may be useful for those performing reconnaissance or information gathering, for example during a penetration test or security assessment.