Website security audit tools

Tools

Nikto (web application scanner)

Nikto is an open source security scanner which tests web servers for potential vulnerabilities.

» Nikto review and details

shcheck (test HTTP headers of web applications)

Security header check (shcheck) is a security tool to scan web applications and their HTTP headers. It can help securing web applications or detect weaknesses.

» Shcheck review and details

Tulpar (web vulnerability scanner)

Tulpar is a security tool to scan web targets for possible vulnerabilities. It checks a wide range of items and attack types for this particular purpose.

» Tulpar review and details

VHostScan (virtual host scanner)

VHostScan is a security tool that performs reverse lookups, can be used with pivot tools, detect catch-all scenarios, aliases, and dynamic default pages.

» VHostScan review and details

WhatWeb (website fingerprinter)

WhatWeb is a security tool written in Ruby to fingerprint web applications. It helps with detecting what software is used for a particular web application.

» WhatWeb review and details