The Attack Vectors Supported by Web Application Scanners

The current information is based on the results of the *2011/2012/2014/2016* benchmarks (except for entries marked as updated or new).

Last updated: 18/09/2016
Sorted in descending order by each scanner's number of supported audit features.


Audit features compared (one column per feature; a scanner's Count is the number of these features it supports): SQLi, BSQLi, SSJSi, RXSS, PXSS, DXSS, JSONh, LFI, RFI, CMDExec, UPLOAD, REDIRECT, CRLFi, LDAPi, XPATHi, MXi, SSI, FORMATi, CODEi, XMLi, ELi, BUFFERo, INTEGERo, CODEDisc, BACKUPf, PADDING, AUTHb, PRIVe, XXE, SESSION, FIXATION, CSRF, ADoS. The per-feature marks are not preserved in this text version; only each scanner's total is listed.

#    Vulnerability Scanner               Count
1    IBM AppScan                         30
2    WebInspect                          29
3    Acunetix WVS                        29
4    Tinfoil Security                    24
5    W3AF                                23
6    Burp Suite Professional             23
7    arachni                             20
8    AppSpider                           19
9    Netsparker Cloud                    18
10   Netsparker                          18
11   ZAP                                 17
12   IronWASP                            17
13   QualysGuard WAS                     16
14   Syhunt Dynamic                      16
15   Syhunt Mini (Sandcat Mini)          16
16   Wapiti                              15
17   SkipFish                            15
18   JSky (Commercial Edition)           13
19   Sandcat Free Edition                13
20   Vega                                11
21   N-Stalker                           10
22   Grendel Scan                        9
23   Ammonite                            9
24   WATOBO                              8
25   ParosPro                            8
26   PowerFuzzer                         7
27   Andiparos                           7
28   Paros Proxy                         6
29   Uber Web Security Scanner           6
30   JSky Free Edition                   6
31   Oedipus                             6
32   safe3wvs (limited free edition)     5
33   WebSecurify (Opensource Version)    5
34   Grabber                             5
35   Netsparker Community Edition        4
36   ProxyStrike                         4
37   WebCruiser Enterprise Edition       4
38   iScan                               4
39   WebCruiser Free Edition             4
40   WebScarab                           3
41   Acunetix WVS Free Edition           3
42   Xcobra                              3
43   Mini MySqlat0r                      2
44   WSTool                              2
45   Secubat                             2
46   openAcunetix                        2
47   N-Stalker 2012 Free Edition         2
48   Damn Small SQLi Scanner (DSSS)      2
49   VulnDetector                        2
50   sqlmap                              2
51   SQLiX                               2
52   Gamja                               2
53   XSSer                               2
54   Priamos                             2
55   XSSploit                            2
56   LoverBoy                            1
57   N-Stalker 2009 Free Edition         1
58   SQID (SQL Injection Digger)         1
59   Web Injection Scanner (WIS)         1
60   aidSQL                              1
61   crawlfish                           1
62   Scrawlr                             1
63   ScreamingCSS                        1
64   XSSS                                1


Statistics

Number of scanners supporting each audit feature, in column order: SQLi, BSQLi, SSJSi, RXSS, PXSS, DXSS, JSONh, LFI, RFI, CMDExec, UPLOAD, REDIRECT, CRLFi, LDAPi, XPATHi, MXi, SSI, FORMATi, CODEi, XMLi, ELi, BUFFERo, INTEGERo, CODEDisc, BACKUPf, PADDING, AUTHb, PRIVe, XXE, SESSION, FIXATION, CSRF, ADoS (the per-column values are run together in this text version of the row):

Scanners: 5540754191573119251120271618612714951031728471041412157



Glossary

Each entry gives the alias used in the table, the audit feature it stands for, a short description, and the numbered references cited for it.

SQLi - Error Based SQL Injection: Syntax injection attack that can affect the structure of database queries. References: 1, 2, 3, 4, 5
BSQLi - Blind/Time-Based SQL Injection: Syntax injection attack that can affect the structure of database queries. References: 1, 2
SSJSi - Server Side JavaScript (SSJS/NoSQL) Injection: Syntax injection attack that can affect the structure of server-side JavaScript in AJAX servers/NoSQL DBs. References: 1, 2, 3, 4, 5
RXSS - Reflected Cross Site Scripting: Browser-output targeted attack that can execute HTML, JS and VBS code in other users' browsers. References: 1, 2, 3, 4, 5
PXSS - Persistent Cross Site Scripting: Browser-output targeted attack that can execute HTML, JS and VBS code in other users' browsers. References: 1, 2, 3
DXSS - DOM Based Cross Site Scripting: Browser-output targeted attack that can execute HTML, JS and VBS code in other users' browsers. References: 1, 2, 3
JSONh - JSON Hijacking: JSON Hijacking (JavaScript Hijacking) is an attack in which a third-party website abuses the behaviour of script tags and JSON to obtain private data. References: 1, 2, 3, 4
LFI - Path Traversal & Local File Inclusion: Attacks that can affect the application's file and directory access/inclusion. References: 1, 2, 3, 4, 5, 6, 7
RFI - Remote File Inclusion: Attacks that can include (and potentially execute) remote code in the application. References: 1, 2
CMDExec - Command Injection: Syntax injection attack that can execute system commands on the target host. References: 1, 2, 3, 4, 5, 6
UPLOAD - Unrestricted File Upload: A vulnerability that can enable attackers to upload malicious files to the server. References: 1, 2
REDIRECT - Open Redirect: Browser-output targeted attack that can mislead users and redirect them to spoofed content. References: 1, 2, 3, 4
CRLFi - HTTP Header Injection & HTTP Response Splitting: Browser-output targeted attack that affects the browser through header/response injection. References: 1, 2, 3, 4
LDAPi - LDAP Injection: Syntax injection attack that can affect the structure of LDAP queries. References: 1, 2, 3, 4
XPATHi - XPath/XQuery Injection: Syntax injection attack that can affect the structure of XPath queries. References: 1, 2, 3, 4, 5, 6, 7
MXi - SMTP/IMAP/Email Injection: Syntax injection attack that can spoof semi-legitimate emails and execute mail commands. References: 1, 2, 3, 4
SSI - Server-Side Includes Injection: Syntax injection attack that can execute scripts on the web server. References: 1, 2, 3, 4, 5
FORMATi - Format String Attack: An attack that can abuse formatting functions to crash programs or execute harmful code. References: 1, 2, 3, 4, 5
CODEi - Code Injection: Syntax injection attack that can execute technology-specific code on the server. References: 1, 2, 3, 4, 5
XMLi - XML Injection: An injection attack that can manipulate the logic of XML-dependent services. References: 1, 2
ELi - EL Injection: Expression Language Injection is an injection attack that can execute limited rogue code on platforms that use "double evaluation". References: 1, 2
BUFFERo - Buffer Overflow: A memory corruption attack that can crash services and execute malicious code. References: 1, 2, 3, 4, 5, 6, 7, 8, 9
INTEGERo - Integer Overflow: A memory corruption attack that can wrap numeric values around and indirectly affect resources. References: 1, 2, 3, 4, 5
CODEDisc - Source Code Disclosure: A collection of vulnerabilities that can be used to disclose the server's source code. References: 1
BACKUPf - Backup Files: A dictionary attack that attempts to locate unrestricted access to obsolete and sensitive files. References: 1
PADDING - Padding Oracle: A cryptographic attack on the CBC mode of operation that can decrypt messages without the encryption key. References: 1, 2
AUTHb - Forceful Browsing / Authentication Bypass: An attack that can bypass authentication enforcement using direct resource access. References: 1, 2, 3, 4, 5
PRIVe - Privilege Escalation: An attack that can enable access to restricted/private content (via parameter tampering / direct access). References: 1, 2, 3, 4, 5, 6, 7
XXE - XML External Entity: An attack that abuses the dynamic XML processing features of web services by introducing XML structures with links to content outside the application's sphere of control. References: 1, 2, 3, 4
SESSION - Weak Session Identifier: A vulnerability that can be exploited to impersonate application users. References: 1, 2, 3, 4, 5, 6
FIXATION - Session Fixation: A vulnerability that allows an attacker to fixate (set) another person's session identifier in order to mount further attacks. References: 1, 2, 3, 4, 5, 6
CSRF - Cross Site Request Forgery: A vulnerability that can enable malicious third parties to perform operations on behalf of users. References: 1, 2, 3, 4, 5, 6
ADoS - Application Denial of Service: An attack that can deny service to legitimate users via application-level issues. References: 1, 2, 3, 4, 5, 6, 7



Copyright © 2010-2015 by Shay Chen. All rights reserved.